The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.
The Act applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.
They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the Act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Information Commissioner for an assessment to be made if they feel that the Act has been contravened.
Data protection principles
There are eight principles put in place by the Data Protection Act 1998 to make sure that personal information is handled properly.
These state that data must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate
- not kept for longer than is necessary
- processed in line with your rights
- secure
- not transferred to countries without adequate protection
Subject Access Request
Under the Data Protection Act 1998, individuals are entitled to access all of the information held by the Council about themselves. These are known as 'Subject Access Requests'.
If you wish to make a 'Subject Access Request' please make your request in writing, preferably using the form that is available for download via the links on the right. There is a statutory charge of £10 for each data subject access request made.
We will respond with the information within 40 calendar days of the request being received.