Data protection law changed on 25 May 2018 with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2018 replacing the Data Protection Act 1998.
The GDPR is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also covers the export of personal data outside the EU. The government has confirmed that the UK’s decision to leave the EU will not impact on the provisions of the GDPR. The Data Protection Act 2018 adds specific details and exemptions, where permitted by the GDPR, relating to the UK’s own data protection regime
Data protection legislation promotes individuals to take control of their personal data through a series of rights and these can be accessed via our Rights Information page.
The Data Protection Act (DPA) places obligations on the council, as a data controller, while giving rights to you as the data subject. It imposes stringent requirements that any organisation holding personal information must comply with. The Act also requires the council to respect the principles of fair processing when handling your personal information and that all processing undertaken must be:
- fair and lawful
- used only for a specific purpose
- adequate, relevant, not excessive
- accurate and kept up-to-date
- kept for no longer than is necessary
- kept secure
We conduct Data Protection Impact Assessments (DPIA) for any new processing of personal data. We will publish them below:
Subject Access Request
The council has a duty under the Act to provide individuals with access to information that it holds about you. Under Article 15 of the General Data Protection Regulation (GDPR), you have the right to request access to personal information held about you by the council. This type of request is called a subject access request or ‘SAR’ and further information can be located on the Subject Access Request page.
You also have the right to request CCTV footage of yourself under Article 15 of the GDPR. You have a right to be provided with images of yourself, if we hold them, but not of any third parties. If you require CCTV footage of yourself that you believe may have been captured by cameras owned by the council, please complete the CCTV footage request form located on the CCTV page.
For more information on the Council's handling of personal information, please refer to the Council's Data Protection Policy.
Further information regarding data protection can be found on the Information Commissioner's website.
You also have the right to request CCTV footage of yourself under Article 15 of the GDPR. You have a
right to be provided with images of yourself, if we hold them, but not of any third parties.
If you require CCTV footage of yourself that you believe may have been captured by cameras owned by the council, please complete the CCTV footage request form located on the CCTV page.
If you require further assistance, please contact the Information Governance Team by telephone on 01733 452533 or email firstname.lastname@example.org. Data Protection Impact Assessments (DPIA) are available on request.