Agenda item

Information Governance / Data Protection Policies


A report detailing the adoption of data protection and information security policies was provided to the Committee.


It was explained that the South West Wales Corporate Joint Committee has responsibilities in respect of compliance with the Data Protection Act 2018, and other processes in relation to information governance.


Officers stated that the proposal within the report set out to adopt a suite of documents which would help demonstrate the Committee’s compliance with the Data Protection Act 2018. In addition to this, Members were informed that an additional obligation was the need to delegate a Data Protection Officer; this will be the person who would have responsibility for ensuring compliance with the data protection legislation. It was mentioned that the proposal was to nominate Craig Griffiths, Monitoring Officer, as the Data Protection Officer.



(a)Members designate the Monitoring Officer as the Statutory Data Protection Officer pursuant to the Data Protection Act 2018;

(b)Members adopt the Privacy Statement included at Appendix 1

(c)Members adopt the following policies for usage by the South West Wales Corporate Joint Committee included at Appendix 2:

·       Data Protection Policy

·       Acceptable Use Policy

·       Incident Reporting Policy

·       Information Security Policy

·       Information Security Breach Policy

·       IT Security Policy

·       Mobile Device Security Policy

·       Removable Media Policy


Supporting documents: