Data Protection Act

The General Data Protection Regulation (GDPR) and new UK Data Protection Act 2018 extends the rights of individuals and require organisations holding personal data to comply with a new stricter set of rules. It also aims to give people more control over their data.

Further details about the data protection laws and how we comply with them can be found here in our Data Protection Guide for the Public.

Data Protection Principles

There are seven principles under the GDPR to ensure that personal information is handled properly by organisations. They require personal data to be:

  • Processed lawfully, fairly and in a transparent manner
  • Obtained for a specified, explicit and legitimate purpose
  • Adequate, relevant and limited
  • Accurate and, where necessary, kept up to date
  • Kept no longer than is necessary
  • Have appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction of personal data
  • The organisation also has to be able to demonstrate accountability and compliance with the principles.

Subject Access & Information Rights

The GDPR creates new rights for individuals and strengthens existing rights.

You have the following rights regarding your information:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (“be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to automated decision-making, including profiling.

If you wish to request a copy of your information or find out more about your information rights, please refer to the Subject Access & Information Rights Leaflet & Form.

All requests are free of charge. We will respond with the information within 30 calendar days of the request being received, unless it is a complex request, where on such occasions the deadline for responding may require extending by a further two months. However if this is the case, we will let you know within one month from the date of receiving your request.


Subject Access & Information Rights Leaflet & Form

Data Protection Guide for the Public

Freedom of Information Request

Environmental Information Regulations Request  

Related pages

Freedom of Information Act

Environmental Information Regulations (EIR)

Useful links

Information Commissioner's Office

Data Protection Act

Crown Copyright Information

Contact details

Information Officer
Stevenage Borough Council,
Daneshill House

01438 242242

The Information Commissioner Office (ICO) 
Wycliffe House
Water Lane

01625 545700