Data Protection Act

About the Data Protection Act 

The Data Protection Act (DPA) places obligations on the council, as a data controller, while giving rights to you as the data subject. It imposes stringent requirements that any organisation holding personal information must comply with. The Act also requires the council to respect the principles of fair processing when handling your personal information and that all processing undertaken must be:

  • fair and lawful; and
  • used only for a defined purpose; and
  • adequate, relevant, not excessive; and
  • accurate and up-to-date; and
  • deleted when no longer required; and
  • processed in accordance with the data subject's rights; and
  • kept secure; and
  • not transferred to other countries without adequate protection.

Subject Access Request

The council has a duty under the Act to provide individuals with access to information that it holds about you. Under section 7 of the Data Protection Act 1998, you have the right to request access to personal information held about you by the council. 

This type of request is called a subject access request or ‘SAR’ and further information can be located on the subject access request page


You also have the right to request CCTV footage of yourself under section 7 of the Data Protection Act 1998. You have a right to be provided with images of yourself, if we hold them, but not of any third parties.

If you require CCTV footage of yourself that you believe may have been captured by cameras owned by the council, please complete the CCTV footage request form located on the CCTV page.

For more information on the Council's handling of personal information, please refer to the Council's Data Protection Policy.

Further information regarding data protection can be found on the Information Commissioner’s website.

Data Protection policy

Size: 216.63 KB File format: pdf

General Data Protection Regulation (GDPR)

Data protection law will change on 25 May 2018 with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replacing the Data Protection Act 1998 (Directive 95/46/EC).

The GDPR is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also covers the export of personal data outside the EU. The government has confirmed that the UK’s decision to leave the EU will not impact on the provisions of the GDPR.

GDPR promotes individuals take control of their personal data through a series of rights and these can be accessed via the Rights Information page.

Further Help

If you require further assistance, please contact the Information Governance Team by telephone on 01733 452533 or email