The law on data protection says what we should do when we collect, use, store or do anything else with people’s personal information.
Changes in the law from 25 May 2018 reflect the digital age and the need for people to have control over their personal data. They also ensure we the Council, as a Data Controller, are accountable for our actions. Information about the new law and what it means can be found on the website of the Information Commissioner.
Our policies and procedures explain how we meet our obligations under data protection legislation.
In particular, your rights concerning your information are explained in The Individual Rights of Data Subjects Policy and Procedure.
These rights include the Council being transparent about the information we hold and how it will be used and shared; telling you what information we have about you and putting right or erasing information which is incorrect or out of date.
You may also ask us to restrict using your information or to stop using it altogether and there are also rights concerning data portability and using data for automatically making decisions.
Some of these rights depend on why the information is being used and considerations can be complex, please see the Policy for full details.
Information about how to access information we may hold about you can be found under ‘Requesting your Information’.
Our Privacy Notice explains how we will handle your personal information, along with service specific Privacy Notices which provide additional detail where required.
The Council undertake Data Protection Impact Assesments (DPIA) in order to assess the security risk to data on projects, changes in service or processes. The DPIA’s form a part of the overall risk assessment of that piece of work. You can view the Council’s DPIAs via our related download.
If you have any questions about how the Council carries out its data protection responsibilities, please contact the Data Protection Team.