Data protection and privacy
The General Data Protection Regulation (GDPR) protects the privacy of individuals and places obligations on organisations that process personal data. Personal data is any information about a living individual that can identify them. The council needs to process and store personal data in order to provide its services effectively.
Our Data Protection Policy explains the way that our councillors, employees and anyone else working with the council must handle personal information.
To view our Data Protection Policy use the following link
The council is committed to protecting your privacy and will treat your personal data in accordance with the requirements of the Data Protection Act 1998. This page provides details of how to request access to the information that we hold about you.
In general, the GDPR gives individuals a right to access the personal data an organisation is processing about them, unless an exemption applies. This is called a Subject Access Request and you can make a request to us to access your personal data and information.
A Subject Access Request for personal information can be made by any of the following methods:
Post: You can download a copy of our Subject Access Request Form for completion and return by post, by using the link below.
Subject Access Requests must include your name and contact address, and should describe the information you want to obtain.
In responding to your request, we will ask you for evidence of your identity and the relevant fee. We may also ask you to provide some details of the information you require, to help us understand what information you are seeking and where the data may be held.
We will reply to your request within 1 month of receiving evidence of your identity and the Subject Access Request fee. We will give you access to all the information you have asked for unless
- an exemption applies to some or all of it (see below)
- there is information about someone else included with your own information and it is necessary to withhold some or all of it
We will not
- ask you why you want the information or what it will be used for
- ask you to keep what we have told you confidential
- refuse any request unless an exemption applies
Providing information to you might affect the rights of other people. For instance it might include personal data about other people. If so, we may contact them to help us decide whether the information should not be disclosed. We will normally provide a copy of the information you require, but in some circumstances, if there is a large volume of information, we may invite you to view the information at the Civic Offices.
When applying for a special service or benefit provided by the Council, it is often necessary to supply particular information or personal documents to support an application or claim. This may be, for example, to provide evidence of identity, residence or financial status etc.
The minimum standards that will be applied in relation to the return of personal information and documents containing personal data, which are submitted by post or hand-delivered in connection with an application or claim for a service or benefit, are set out in our Personal Information and Documents Protocol, which can be downloaded using the link below.
Section 29 of the Data Protection Act 1998 allows the Council to share personal data about you with the police and other investigative agencies without your consent, where information is required:
- for the prevention or detection of crime
- for the apprehension or prosecution of offenders
- for the assessment or collection of tax or duty
The disclosure of personal information to the police or other agencies is not compulsory, and will only be made where one or more of these circumstances apply and non-disclosure would prejudice an investigation into one of the above, or where the Council is served with a Court Order requiring the disclosure of the information.
Requests for the disclosure of personal information in connection with any of the above circumstances must fully comply with the Council’s protocol for the handling of data sharing requests, which can be downloaded below.
In particular, all requests must
- be submitted on the headed paper of the organisation requesting the personal data
- state the section of the Act under which the request is made, or any other statutory basis for disclosure that is considered to apply (if appropriate)
- specify in as much detail as possible, the type and nature of the personal data that is sought
- state, in as much detail as possible in the particular circumstances, the purpose(s) for which the personal data is required
- state (if it is the case) whether a failure to disclose the required personal data would prejudice the purpose(s) for which the information is requested
- be signed by the requestor and be countersigned by an appropriate supervisor, and provide the names, positions and full contact details of both, including addresses, telephone numbers and secure (GCSX, PNN, GSI etc.) email addresses
All requests for the disclosure of personal data must be made in writing. The Council will not accept any request made orally or by telephone.
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Information from the Cabinet Office (GOV.UK)
- National Fraud Initiative
- Code of data matching practice for the National Fraud Initiative
- Fair processing
Requests for all other types of data, which is not personal information, is dealt with under the provisions of the Freedom of Information Act 2000. For further information please visit our Freedom of Information page.
If you are not happy with how we handle your request for personal information, you can make a complaint through our compliments and complaints scheme.
If you are still not satisfied, you can contact the Information Commissioner. The Information Commissioner is an independent official appointed to oversee the Data protection Act 1998. Further information can be found on the Information Commissioner's Office website.