
Parish Council email accounts and GDPR

We often get asked the question: should the clerk or Councillors be using their personal email accounts for council business?

While this wasn’t a problem in the past, the new GDPR regulations mean that it isn’t advisable. There are 2 main reasons for this – under GDPR, people have:

  • The right to access all information that you hold about them
  • The right to be forgotten (i.e. have all information you hold about them erased)

Fulfilling both of these obligations can be difficult when the clerk or Councillors may have information buried within their personal communications. Also, if the clerk or a Councillor has left the council, it will be difficult and time-consuming to retrieve or delete all the information shared as part of council business.

There are 2 ways of solving this problem:

  • Set up dedicated accounts for your Councillors, using your Council’s domain name. We recommend using Webmail to access the emails, as that way no messages are downloaded to the Councillor’s PC or phone. There are 2 advantages to this approach: firstly, your Councillors will have an official email address such as cllr.john.smith@yourcouncilname.org.uk; secondly, you will have complete control over deleting all their messages after they leave the Council.
  • Get your Councillors to set up dedicated council email accounts using a free online email service such as Gmail. When a Councillor leaves the council, they can simply delete the account and all the content. This isn’t ideal, as you will need to rely on them to delete the account and all the messages after they leave.

There are 4 main advantages to using emails that are set up to use your domain name (for example clerk@parishcouncilname.org.uk):

  • It is more official and more professional. Anyone can set up an account such as clerk.parishcouncilname@gmail.com whether they have a link to the council or not.
  • It offers more privacy – Google are able to offer free email accounts by selling users’ metadata to advertisers.
  • It enables the Council to have full control over removing email accounts when a Councillor leaves the Council – in the case of Gmail you are relying on the Councillor to delete the account themselves. This can be an issue with GDPR if a parishioner requests the disclosure of all information regarding them and the Council is not able to provide it because it is controlled by an ex-Councillor.
  • In addition (another GDPR issue) – all the data from email accounts we offer is held in the UK.

Our costs cover the fees we pay for the server space, the time spent responding to support requests, and adding and removing email accounts as Councillors change.

GDPR compliant websites

GDPR for Town & Parish Council Websites

Frequently Asked Questions

We’re still getting lots of questions from our town and parish council customers about how to make their websites GDPR compliant, so we’ve answered some of the most common questions below:

How does your website use and process personal information?

GDPR compliant privacy policy

GDPR and website security

GDPR and website cookies

GDPR and personal email accounts – Is it okay to use personal email for parish council business under GDPR?

Making your contact form GDPR compliant

How can we help?

How does your website use and process personal information?

Your website collects personal data in a number of ways:

  • When you request information from users, such as when they fill in a form on your site to contact you or to subscribe to your newsletter
  • When users visit or log into your site, cookies can be set on their computer
  • If you have any members’ areas or bulletin boards, or the option for users to add comments


GDPR compliant privacy policy

Your website should include the privacy policy for your town or parish council website, covering how you process information both on the website and in your general dealings. Your privacy policy should cover:

  • Do you collect data?
  • If so, why?
  • How do you use it?
  • Is it secure?
  • Do you share it with anyone?

All our websites include a built-in privacy policy page ready for you to add your policy to. This links into your site footer, so it is visible from every page on your website.


GDPR and website security

You are responsible for the security of your users’ data, for example when they fill out a form on your website. Your website should have an SSL certificate installed so that the connection between the server and the user is encrypted, and information cannot be intercepted.

In addition, all sites that do not have an SSL certificate installed are now being marked as ‘insecure’ by the major web browsers, so having an SSL certificate is now becoming essential for all websites.

All our websites include an SSL certificate set up and configured, as standard. You can read about the features we offer on our websites.


GDPR and website cookies

If your website sets cookies (as nearly all websites do), you must inform the user that cookies are set and allow them to opt out. This is done using a cookie consent bar.

How can you tell if your website sets cookies?

Virtually all modern websites set cookies. If you log into your website to make updates, then a cookie is set to ‘remember’ that you have logged in. The exception is older-style websites built using HTML, although some of these sites set cookies too.

All our websites come with a cookie consent bar as standard.


GDPR and personal email accounts

If your parish clerk or your Councillors use personal email accounts you should consider setting up dedicated town or parish council ones. This means that if someone were to leave the council, that account could be deleted so that any personal information about individual parishioners it contains would be erased.

We can set up email accounts using your domain name. We offer both POP (where messages are stored on the user’s computer) and IMAP (where messages are stored on our server) accounts.

Making your contact form GDPR compliant

GDPR states that you must inform the user that you are collecting data about them at the point of data collection. In practice this means that your contact form and any sign-up form should have a link to your privacy policy and a checkbox that users must click to confirm they accept.



How can we help?

At Town and Parish Council Websites we are committed to providing fully GDPR compliant websites for local councils.

Please get in touch if you would like further information or fill out our quote form for us to provide you with a free, no-obligation quote.


GDPR-compliant Contact Forms

GDPR states that, at the point of collecting information about users, you need to inform them what information you are collecting, how long you intend to store it and what you intend to use it for.

This means that at the top of your contact form or contact us page you need a statement saying that you are collecting personal information and that, by submitting the form or sending you an email, users are agreeing to this. Include a prominent link to your privacy policy so that your users can find further information.

If you want to be extra careful, you can have a check box on your form that users must check to confirm that they have read and accept your privacy statement. It is possible to add one of these check boxes that will not allow the user to submit the form until the box has been checked.