General Data Protection Regulations (GDPR)


The General Data Protection Regulations (GDPR) come into force within the European Union on 25th May 2018; this legislation makes significant changes to the way organisations process and retain personal data relating to individuals. 

The GDPR creates an enhanced regulatory regime and provides data protection supervisory authorities with the powers to impose significant administrative fines for non-compliance.

Mablethorpe & Sutton Town Council recognises the importance of compliant processing and retaining of personal data consistently and legally, within the boundaries as a ‘corporate body’ to ensure it remains fair and respectful to individuals. 
GDPR Compliance
Mablethorpe & Sutton Town Council has adopted the following policies and procedural documents to ensure and demonstrate compliance with GDPR responsibilities.

  ·         Data Protection Policy

·         Subject Access Request Procedure

·         Data Breach Policy

·         Records’ Retention Policy

·         Privacy Notices Policy

·         Consent Form Template

·         Data Map


Mablethorpe & Sutton Town Council has issued Security Compliance Checklists for Councillors and Staff Members and is registered as a Data Controller with the Information Commissioners Office

Personal Details 

You can find out more about how we use your data from our “Privacy Notice” (as attached) or in hard copy from the Town Council Office or via the website:

Other data controllers the council works with:


  • East Lindsey District Council
  • Lincolnshire County Council
  • Community groups
  • Charities
  • Other not for profit entities
  • Contractors
  • Funeral Directors
  • Memorial Masons
  • Churches (Burials and Internments)
  • Insurers
  • Legal representatives
  • Central Government Departments

We may need to share your personal data we hold with them so that they can carry out their responsibilities to the council. If we and the other data controllers listed above are processing your data jointly for the same purposes, then the council and the other data controllers may be "joint data controllers" which mean we are all collectively responsible to you for your data.

Where each of the parties listed process your data for their own independent purposes then each of us will be independently responsible to you and if you have any questions, wish to exercise any of your rights (see below) or wish to raise a complaint, you should do so directly to the relevant data controller.

A description of what personal data the council processes and for what purposes is set out in our adopted Privacy Notice.

The council will process some or all of the following personal data where necessary to perform its tasks:


  • Names, titles, and aliases, photographs;
  • Contact details such as telephone numbers, addresses, social media names and email addresses
  • Where they are relevant to the services provided by a council, or where you provide them to us, we may process information such as gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition, and dependants.
  • Where you pay for activities such as use of a Council service (i.e. allotment, beach hut, market stall purchase of rights to grave spaces or memorial permits) financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers.
  • The personal data we process may include sensitive or other special categories of personal data such as racial or ethnic origin, mental and physical health, details of disabilities or injuries, medication/treatment received or political beliefs.

 You can withdraw or change your consent at any time by contacting the Council office on 01507 613644 / 613645 / 613646.