Privacy notice relating to how the Council will deal with your data during the current Coronavirus pandemic

This privacy notice explains how North Norfolk District Council (the council) will collect, use and protect personal data specifically with regard to Covid-19 (Coronavirus) Pandemic. You can also view the Council’s privacy notice.

The Council, and its Data Protection Officer, can be contacted at:

North Norfolk District Council

Council Offices

Holt Road


NR27 9EN


The processing of personal data is governed, in the UK, by the General Data Protection Regulation 2016 (“GDPR”) and any national implementing laws (Data Protection Act 2018), regulations and secondary legislation, as amended or updated from time to time, and is regulated by the Information Commissioner's Office.

Processing Activities

The council already holds data regarding residents, employees, businesses and other stakeholders. You may have provided this information for a specific reason. Normally the council would seek to inform you that the data provided would be being used for a different purpose. Due to the rapidly emerging situation regarding the current pandemic this will not always be possible. If we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health England, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council where necessary and proportionate.

We may share information with external services and this may include sharing data with community groups such as church groups, neighbourhood and resident groups, community services and charities.

Additionally we may, in this current crisis, need to ask you or be provided with personal information including sensitive personal information for example your age or if you have any underlying illnesses or are vulnerable, that you have not already supplied. This is so the council can safely assist and prioritise services.

We will always look to collect the minimum data necessary to achieve the purpose required and continue to act in accordance with the GDPR and related data protection legislation.

Legal basis for processing your personal data

How we are processing your personal data will determine the legal basis for processing. The legal bases for processing by the council as a public authority will be those grounds set out in Article 6(1) GDPR. During this time, the legal basis may include:

  1. Where disclosure is in the vital interests of yourself or another person: Article 6(1)(d) and 9(2)(c) GDPR
  2. Where it is necessary for the reasons of substantial public interest: Article 9(2)(g) GDPR
  3. Where it is in the interest of public health: Article 9(2)(i) GDPR

Sharing your personal data

In the current pandemic we may share your information with other public authorities, emergency services, and other stakeholders as necessary and proportionate to do so and in accordance with legal bases for doing so. This may include with community groups such as church groups, neighbourhood and resident groups, community services and charities.

How long we keep your personal data

We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.

However, where possible we will anonymise this data so that you cannot be identified.

Where we do not need to continue to process your personal data, it will be securely destroyed.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  1. to request a copy of your personal data which we hold about you
  2. to request that we correct any personal data if it is found to be inaccurate or out of date
  3. to request that your personal data be erased where it is no longer necessary for us to retain such data 
  4. to lodge a complaint with the Information Commissioner's Office (ICO)

You can make a request to exercise your rights.

If you are unhappy please bring your concerns or issues to us in the first instance.

If you remain unhappy, you can contact the ICO at

View our data protection policy for further information.