Skip to main content
Dudley Council
Dudley Skyline

Record of Processing Activities (RoPA)

Dudley Metropolitan Borough Council Record of Processing Activities (RoPA) (Article 30)

This page provides a summary of personal data processing activities undertaken by the council. It complies with Article 30 of the UK GDPR by providing:

a)  the name and contact details of the controller and the data protection officer;
b)  the purpose of the processing;
c)  a description of the categories of data subjects and of the categories of personal data;
e)  where applicable, transfers of personal data to a third country etc
f)  where possible, the envisaged time limits for erasure of the different categories of data;
g)  where possible, a general description of the technical and organisational security measures in place.

The Controller:

Dudley Metropolitan Borough Council
The Council House
West Midlands

Nature of work - Unitary Authority

Further information relating to the work of the council can be obtained from our General Privacy Notice accessible at this link:

Corporate Privacy and Disclaimer Statement

Data Protection Officer:

Mr L J Bourne
Data Protection & Information Governance Manager

Description of Processing

The following is a very broad description of the way Dudley MBC processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the Council has provided or published at this link: Privacy and Disclaimer Statements or contact the Council directly to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide a range of government services to local people and businesses which include:

•  Administration and Government function
•  Adult education and lifelong learning function
•  Adult services function
•  Adult social care function
•  Advice and benefits function
•  Advice and welfare rights function
•  Alcohol and entertainment function
•  Alternative education provision function
•  Animal welfare function
•  Animals function
•  Arts and entertainment function
•  Asylum and immigration function
•  Benefits function
•  Building and construction function
•  Building control function
•  Business advice and support function
•  Business and employment function
•  Business grants function
•  Business rates function
•  Businesses function
•  Businesses and markets function
•  Careers and employment function
•  Carer and disability benefits function
•  Carers function
•  Children and families function
•  Children and young people social care function
•  Commercial activities function
•  Commercial property function
•  Commercial waste function
•  Communications and publicity function
•  Community centres and facilities function
•  Community grants function
•  Community safety function
•  Community transport function
•  Complaints and compliments function
•  Conservation and sustainability function
•  C onsultations function
•  Corporate Landlord function
•  Corporate management function
•  Council and community housing function
•  Curriculum and policy function
•  Cycling function
•  Data protection and freedom of information function
•  Democracy function
•  Democratic services function
•  Development control function
•  Disabled facilities grants function
•  Early years and childcare function
•  Educational support function
•  Elected members function
•  Emergencies function
•  Environmental health function
•  Environmental protection function
•  Equipment and supporting services function
•  Events and exhibitions function
•  Extra-curricular activities function
•  Facilities function
•  Family benefits function
•  Finance function
•  Food function
•  Footpaths, byways and bridleways function
•  Fostering and adoption function
•  Funerals and cremations function
•  Gambling and lottery function
•  Goods and services function
•  Grants and aid function
•  Grants for children and young people function
•  Hazardous materials function
•  Hazardous waste function
•  Health and safety at work function
•  Health and social care function
•  Health and welfare at school function
•  Heating and housing benefits function
•  Help and advice for adults function
•  Higher education function
•  Highway maintenance function
•  Highways function
•  Highways policy function
•  Homelessness and prevention function
•  Household waste function
•  Housing function
•  Housing advice function
•  Housing allocation function
•  Housing finance function
•  Housing grants function
•  Housing policy function
•  Housing services function
•  Human resources function
•  Improvements and repairs function
•  Incident response function
•  Information communication technology function
•  Internal operation function
•  Legal function
•  Leisure activities function
•  Leisure and culture function
•  Libraries function
•  Library membership function
•  Licences, permits and permissions function
•  Local history and heritage function
•  Looked after children function
•  Low income benefits function
•  Markets function
•  Multiple occupancy homes function
•  Museums and galleries function
•  Neighbourhood and Communities security function, including CCTV.
•  Parking function
•  Parks and open spaces function
•  Permissions and consents function
•  Planning and building control function
•  Planning policy function
•  Planning services function
•  Policy and performance function
•  Pollution control function
•  Procurement function
•  Public Health Function
•  Public safety function
•  Public transport function
•  Pupil development and support function
•  Recycling function
•  Reference and research function
•  Regeneration function
•  Registration function
•  Religion and culture function
•  Road safety function
•  Road signs and markings function
•  Roads and streets function
•  School admissions function
•  School and special libraries function
•  Schools function
•  Schools and education function
•  Special education needs function
•  Sports and sporting venues function
•  Statistics and census information function
•  Street care and cleaning function
•  Support for children and young people function
•  Taxation function
•  Taxi and private hire function
•  Tourism function
•  Trading standards function
•  Transport function
•  Transport and highways function
•  Transport schemes function
•  Volunteering and voluntary organisations function
•  Waste and pollution function
•  Waste management function
•  Waste policy function
•  Water activities function
•  Youth offending function

The processing for the above functions is carried out by the Council’s Directorates and service teams that sit within those Directorates. Further information on the Council’s structure is accessible at this link: Organisational Chart 

Type/classes of information processed

We process information relevant to the above reasons/purposes which may include:

•  Business activities
•  Case file information
•  Employment and education details
•  Family details
•  Financial details
•  Goods and services
•  Housing needs
•  Licences or permits held
•  Lifestyle and social circumstances
•  Personal details
•  Student and pupil records
•  Visual images, personal appearance, and behaviour

We also process ‘special categories’ of information, previously known as ‘sensitive data’, that may include:

•  Criminal proceedings, outcomes and sentences
•  Genetic/biometric data
•  Offences (including alleged offences)
•  Physical or mental health details
•  Political affiliation/opinions
•  Racial or ethnic origin
•  Religious or other beliefs of a similar nature
•  Trade union membership


Who information is processed about

We process personal information about:

•  Adults living in the Borough
•  Business owners
•  Carers or representatives
•  Children living in the Borough
•  Claimants
•  Complainants, enquirers or their representatives
•  Customers
•  Landlords
•  Licence and permit holders
•  Offenders and suspected offenders
•  Payers of Council Tax and/or Business Rates
•  People captured by CCTV images
•  Professional advisors and consultants
•  Receivers of Council Services
•  Recipients of benefits
•  Representatives of other organisations
•  Staff, persons contracted to provide a service
•  Students and pupils
•  Suppliers
•  Traders and others subject to inspection
•  Tenants
•  Witnesses

Who information may be shared with

We sometimes need to share information with the individuals we process information about and other organisations.  Where this is necessary, we are required to comply with all aspects of the data protection legislation.  The following is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

 In certain circumstances, where necessary or required by law, we may share information with:

  •  Courts, prisons
  •  Credit reference agencies
  •  Current, past and prospective employers and examining bodies
  •  Customers
  •  Customs and excise
  •  Data processors
  •  Debt collection and tracing agencies
  •  Educators and examining bodies
  •  Family, associates or representatives of the person whose personal data we are processing
  •  Financial organisations
  •  Healthcare professionals
  •  Healthcare, social and welfare organisations
  •  Housing associations and landlords
  •  Housing and tenants’ associations
  •  International law enforcement agencies and bodies
  •  Law enforcement and prosecuting authorities
  •  Legal representatives, defence solicitors
  •  Licensing authorities
  •  Local and central government
  •  Ombudsman and regulatory authorities
  •  Partner agencies, approved organisations and individuals working with the police.
  •  Police complaints authority
  •  Police forces
  •  Other police forces, non-home office police forces
  •  Political organisations
  •  Press and the media
  •  Private investigators
  •  Professional advisors and consultants
  •  Professional bodies
  •  Providers of goods and services
  •  Regulatory bodies
  •  Religious organisations
  •  Security companies
  •  Service providers
  •  Students and pupils including their relatives, guardians, carers or representatives,
  •  Survey and research organisations
  •  The disclosure and barring service
  •  Trade unions
  •  Tribunals
  •  Voluntary and charitable organisations

Organisational Security Measures

The Council has a robust suite of security controls in place to protect the records we hold about you (on paper and electronically). The Council meets stringent Public Sector Network (PSN) Security controls, and strict Payment Card Industry Data Security Standards (PCI-DSS). The Council has Cyber Essentials accreditation and complies with NHS Digital’s Data Security and Protection Toolkit (DSPT) standards.

Access to your records is only available to those who have a right to see them. Examples of further security include:

•  Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This type of technology is applied to a number of our systems including our email system.
•  Access Controls, controlling access to systems and networks using multi factor authentication, allows us to stop people who are not allowed to view your personal information from getting access to it.
•  Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
•  Regular testing of our technology and ways of working including keeping up to date on the latest security updates (patches).

Further details and policies relating to how we look after your information can be accessed at this link: How we look after your information

How long do we keep your personal information?

There is often a legal reason for keeping your personal information for a set period of time, we try to include all of these in the Council’s retention schedule. A copy of this document is available on request from our Information Governance Team (email:

For each service the schedule lists for how long your information may be kept. This ranges from months for some records to decades for more sensitive records. As services, laws and legislation change regularly, the retention schedule is constantly changing to reflect the new requirements.


In very rare circumstances, it may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the data protection legislation, for example, only with your consent if appropriate and with additional security measures in place to protect your information.

The majority of personal information is stored on systems located on the Council’s own servers in the Council’s own secure premises, although there are some occasions where your information may leave the UK in order to get to another organisation, or, if it is stored in a system that uses servers elsewhere.

We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data, undertaking risk assessments on systems being used to ensuring we have a robust contract in place with the third party.

We will take all practical steps to make sure your personal information is not sent to a country that is not seen as “safe” either by the UK or EU Governments.

Further information

If you have any concerns about how your personal information is handled please contact our Data Protection Officer via the details provided above.

For independent advice about data protection, privacy and data sharing issues, you can contact the regulatory body: Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK99 5AF

Tel: 0303 123 1113
Contact page: ICO Contact Us

Visit: ICO