Dudley Council
Dudley Skyline

We are committed to protecting your personal data and ensuring that it is processed fairly and lawfully. Information you provide to us will be processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018) and subsequent legislation.

The Emergency Planning Service deliver the Local Authority’s statutory responsibilities and duties as a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004.

The local authority must plan for, respond to and recover from major incidents in the Dudley Borough.

The statutory duties placed on the local authority as a Category 1 responder includes the anticipation and assessment of risks, production of plans for the purpose of controlling and/or mitigating the impact of emergency incidents and business disruptions as well as effectively responding to, and recovering from, an emergency.

Purpose of processing

The processing of personal information is necessary for compliance with the statutory requirements of the Civil Contingencies Act 2004.

Legal basis for processing

The legal basis for data processing we are relying on comes from Article 6 of the General Data
Protection Regulations (GDPR). The following sections apply;

  • Article 6(1)(c) Legal Obligation - Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Article 6(1)(d) Vital interest - the processing is necessary to protect someone’s life;
  • Article 6(1)(e) Public task -the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Information we process

The personal data we collect and process depends on the function we perform.  Please refer to the below:

Staff / Volunteer Details

We contact Council staff and volunteers by email to collect the following personal information to support the production and maintenance of effective emergency response and business continuity plans:

  • Name
  • Personal phone numbers
  • Personal email address

Contact numbers are also added to the Council’s SMS system for communication in the event of an emergency.

Additionally, we store emergency plans that contain personal data which are owned by our partner organisations.

Keyholder Information

We invite keyholders of our designated Emergency Assistance Centres to provide:

  • Name 
  • Personal phone numbers
  • Email address

so we may contact them if there is a requirement for people to be evacuated to a safe location.

Emergency Assistance Centre Registration

Paper records will be used to capture personal details of people evacuated to the Council’s Emergency Assistance Centres as follows:

  • Name
  • Home Address
  • Contact details
  • Date of Birth
  • Gender
  • Medical, Physical, Health or Social Care Needs
  • Prescription / Medication Needs
  • Next of kin contact details
  • Vehicle Registration

We will only use your personal data for the purpose for which we collected it which will include the following:

  • To register you at one of our Emergency Assistance Centres
  • To enable us to help meet any identified care and support needs
  • To help you contact relatives and friends following an incident or emergency
  • Enquiries can be made to see who is accounted for, and who is missing

Decision Logs / Meeting Records

Information is collected about the decisions made and courses taken by the Council during and after a major incident.  This information may be made available as evidence to support any subsequent debriefs, inquiries or proceedings.

Sharing your information

The CCA places a duty on Category 1 and 2 responders to share information upon request.  To help us provide emergency response services appropriate to your needs both during an incident and throughout the longer-term recovery period, we may share information with others including, but not limited to, Category 1 and Category 2 responders, such as:

  • Other Dudley Council services
  • Emergency Services
  • NHS agencies
  • Health providers
  • Utility companies
  • Voluntary organisations

Amount of time we will hold your information

The information provided will be kept in accordance with our retention policy.  Details of this are available by contacting information.governance@dudley.gov.uk

Keeping your information secure

We are committed to protecting personal data and have data policies and procedures in place to ensure that it is safeguarded.

Contact information is held securely on the Council’s ICT network.  A limited number of hard copy emergency plans and emergency telephone directories are produced and stored securely in control rooms and issued to key local authority personnel.  All staff undertake regular training about data protection and managing personal information.

All data is stored electronically on encrypted equipment and is managed using the principles of confidentiality and data protection. 

Opting out of the use of your information

You have the right to ask us to stop or restrict the processing of your personal data.  Where possible, we will seek to comply with your request, but we may need to hold or process information to comply with a legal requirement.

National data opt-out

National Data Opt-Out and use of NHS data.


Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a Care or Patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

•  improving the quality and standards of care provided
•  research into the development of new treatments
•  preventing illness and diseases
•  monitoring safety
•  planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit Your NHS Data Matters. On this web page you will:
•  See what is meant by confidential patient information
•  Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
•  Find out more about the benefits of sharing data
•  Understand more about who uses the data
•  Find out how your data is protected
•  Be able to access the system to view, set or change your opt-out setting
•  Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
•  See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:
NHS UK Information About Patients (which covers health and care research); and
Understanding Patient Data What You Need to Know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until March 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Your rights

Your rights are detailed in the Council’s Corporate Privacy Notice 

Should you wish to raise any concerns about how we have processed your personal data you can contact the data protection officer, email information.governance@dudley.gov.uk
You also have the right to contact the Information Commissioner.

If you would like a copy of this information in a different format, please email information.governance@dudley.gov.uk