Parish Council email accounts and GDPR

We often get asked the question: should the clerk or Councillors be using their personal email accounts for council business?

While this wasn’t a problem in the past, the new GDPR regulations mean that it isn’t advisable. There are 2 main reasons for this – under GDPR, people have:

  • The right to access all information that you hold about them
  • The right to be forgotten (ie have all information you hold about them erased)

Fulfilling both of these obligations can be difficult when the clerk or Councillors may have information buried within their personal communications. Also, if the clerk or a Councillor has left the council it will be difficult and time-consuming to retrieve or delete all the information shared as part of council business.

There are 2 ways of solving this problem:

  • Set dedicated accounts for your Councillors, using your Council’s domain name. We recommend using Webmail to access the emails as that way no messages are downloaded to the Councillor’s PC or phone. There are 2 advantages to this approach: your Councillors will have an official email address such as cllr.john.smith@yourcouncilname.org.uk; secondly you will have complete control over deleting all their messages after they leave the Council.
  • Get your Councillors to set up dedicated council email accounts using a free online email such as gmail. When a Councillor leaves the council, they can simply delete the account and all the content. This isn’t ideal as you will need to rely on them to delete the account and all the messages after they leave.

 

There are 4 main advantages to using emails that are set up to use your domain name (for example clerk@parishcouncilname.org.uk):

  • It is more official and more professional. Anyone can set up an account such as clerk.parishcouncilname@gmail.com whether they have a link to the council or not.
  • It offers more privacy – Google are able to offer free email accounts by selling user’s metadata to advertisers.
  • It enables the Council to have full control over removing email accounts when a Councillor leaves the Council – in the case of Gmail you are relying on the Councillor to delete the account themselves. This can be an issue with GDPR if a parishioner requests the disclosure of all information regarding them and the Council is not able to provide it as it is controlled by an ex Councillor.
  • In addition (another GDPR issue) – all the data from email accounts we offer is held in the UK.

Our costs are to cover the fees we pay for the server space; the time spent responding to support requests and also adding and removing email accounts as Councillors change.