The General Data Protection Regulation (GDPR) is a European regulation which came into force on 25 May 2018, and replaces the Data Protection Act 1998 with the Data Protection Act 2018 (DPA).
The council processes a large amount of personal data, is committed to using it fairly, and keeping it safe. This will not change under the new regulation, and information about its information governance can be found below, to provide assurance to both customers and suppliers.
We are committed to handling your personal data in accordance with the principles of the DPA. The DPA also gives rights to individuals to access information held about them and to have inaccurate data corrected or erased.
Under the DPA, individuals have the following rights:
- The right of access - You have the right to obtain confirmation that your data is being processed, as well as access your personal information. Further info can be found at Subject Access Requests
- The right to rectification - You have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure - You have the right to have all your data erased, also known as the 'right to be forgotten.
- The right to restrict processing - You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances
- The right to data portability - You have the right to obtain and reuse your personal data for any purpose of your own across different services
- The right to object - You have the right to object to processing in some circumstances. The processing must stop unless there is legitimate grounds that override your rights, interests or freedoms, or the processing has been done in regards to a legal claim
To exercise any one of these rights, please complete the form below.
Make a data subject rights request