MWOW is directed by the enterprising council board as part of a strategic cross council approach to transformation, ensuring we can deliver change at pace. It is all about improving the way we work, including more home-working and new technology.
The early phases of MWOW reorganised our working environments by clearing office space areas and securing data for relocation. This supports the design of a wider selection of spaces for people and teams to work and collaborate, including hybrid meeting rooms.
As MWOW continues, we will do more transformational activity, changing the way we fulfil our functions as a council. This will involve using people’s personal information. As a responsible controller and processor of personal data, we need to be transparent about what we do with your information and why, so we created this privacy notice.
Why we process data
Our lawful basis for processing personal data with MWOW is Legitimate Interest, Article 6(1)(f) of the UK’s General Data Protection Regulation (UK-GDPR). That’s because it is in our legitimate interest to manage our information assets effectively, by storing data securely onsite or with our contracted offsite storage supplier.
Keeping personal data for no longer than necessary is a legal obligation under UK-GDPR, so using confidential waste to destroy time-expired data is classed as legal obligation processing.
In all other ways, our data processing carries on as normal, so look at existing privacy notices for further information. If you work for us, the employee privacy notice is the one to check. For instance, when we process “special category” data about employees’ medical conditions, the reason is given in the notice: to meet our legal obligations as an employer (UK-GDPR Article 9(2)b). If this happens as part of MWOW, it is on the same lawful basis.
How we protect data
When covering the security of personal information, the employee privacy notice says:
“Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data”.
That’s an important commitment because an early phase of MWOW activity involved relocating hard copy data within County Hall, with the help of a document management company under contract. Further phases will concentrate on premises beyond County Hall, and the same security arrangements will apply.
How we process data
MWOW promotes use of technology, which will mean keeping less of your data on paper. For instance, some documents relating to employees are being securely scanned to personnel files held in the electronic document and records management (EDRM) system, allowing confidential destruction of the originals. Whether using digital systems or paper, we apply data protection principles. Implementing MWOW has not generated any new sources of personal data so far.
All our privacy notices explain your rights as a data subject such as the right to access your information. MWOW activity does not affect these rights. We keep inventories of data being transported around our premises, so if we need to access information you have requested, we remain able to do so within statutory timescales. Transporting data does not stop us implementing records management procedures, so we will continue destroying information in accordance with our retention schedules. The checklists, protocols and procedures used during office reorganisations remind everyone involved of their duty to process your data properly.