General Data Protection Regulation (GDPR)

Please note that guidance around GDPR is still being issued and this page is regularly being updated. The page will be fully updated by 25 May 2018.

Basingstoke and Deane has strict policies on data protection and we're proud of our track record.

On Friday 25 May the GDPR will come into force. The GDPR is new legislation that will apply across the EU. It replaces the current Data Protection Act and gives you more control over your data. Following the Brexit vote the Government has confirmed the GDPR will still apply to the UK so we’re getting ready to make sure we comply.

The GDPR applies to personal data.

What is personal data?

Personal data is anything which can identify a living person, either directly or indirectly, and includes identification numbers, location data and an online identifier.

How does the General Data Protection Regulation affect me?

The GDPR ensures that any personal data the council holds must be:

  • Processed fairly, lawfully and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which it is being processed.
  • Kept secure.

How is it different to the Data Protection Act?

The GDPR places obligations on organisations that process personal data to demonstrate how they are complying. This includes being clear about the lawful basis for processing. The GDPR identifies the following as being lawful basis and we must make sure all processing of personal information meets one of these criteria:

Consent

If we are processing with your consent we must tell you exactly what you are consenting to. You will always have a choice about whether to give your consent and, if you do, you can withdraw it at any time. As most of what we do is based on legislation, there will be very few instances where we are relying purely on consent.

An example of where we will be processing by consent is if you sign up to receive e-billing for your council tax.

Contract

This will apply where we need to process your personal data to fulfil a contractual obligation to you or because you have asked us to do something before entering into a contract.

For example, if you sign up for the green garden waste service you will be entering into a contract with us.

Legal Obligation

This will apply where we need to process your personal data in order to comply with a common law or statutory obligation.

For example, the collection council tax is a legal requirement.

Vital Interests

This will only apply where the processing is necessary to protect someone’s life. The council would not normally need to rely on vital interests

Public Task

This will apply if we need to process personal data for public functions and powers that are set out in law or to perform a specific task in the public interest that is set out in law. As a local authority, much of our processing will fall under this lawful basis.

An example would be our role in maintaining a housing waiting list or investigating noise or other environmental nuisances

Legitimate Interests

Public authorities, such as the council, cannot use this lawful basis if we are performing our tasks as a public authority.

What are my rights?

You have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details below. Your rights are:

Right to be informed

You have the right to be informed about the collection and use of your personal data. We will normally do this by way of privacy notices on forms or on our website.

Right of access

You have the right to request access to the information we hold about you. We have to provide a copy of your information to you free of charge. However, we may be able to charge a reasonable fee if a request is manifestly unfounded or excessive. We can charge a fee if you request further copies of information we have already provided to you. Any fee will be based on the administrative cost of providing the information to you.

Right of rectification or erasure

If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it.

Right of erasure

You have a right to ask us to erase information about you. This right will only apply where:

  • The personal data is no longer necessary for the purpose which we originally collected it for
  • We are relying on consent as the lawful basis for holding the data and you withdraw that consent
  • We are processing the data for direct marketing purposes and you object to that processing

Most of the processing carried out by the council is governed by legislation, which usually includes how long we have to keep your information for. The right of erasure won’t apply where we have a lawful reason to process your data and it is kept in accordance with our retention schedule.Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.

Right to portability

You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller. This right only applies where the processing is based on consent and is carried out by automated means. This is called a data portability request.

Right to object

You have a right to object to our processing your personal data where the basis of the processing is based on the performance of a task in the public interest or exercise of official authority. This right also includes processing for direct marketing.

Right to withdraw consent

Where our processing is based purely on consent, you have a right to withdraw your consent at any time.

Right of complaint

You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.

Right to opt-out of marketing communications

You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the 'unsubscribe' or 'opt-out' link in the marketing emails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.

What if I'm not happy with the way the council is handling my personal data?

You have the right to make a complaint to the Information Commissioner’s Office (ICO). You can find out more by visiting the ICO’s website.

For more information on how we collect, use and keep your personal information, please take a look at our privacy statement.

If you wish to ask us anything about data protection, ask for a copy of your data or you have a complaint about how we have used or looked after your data, you can contact our Data Protection Officer at:

Data Protection Officer
Civic Offices
London Road
Basingstoke
RG21 4AH

Email: dpo@basingstoke.gov.uk

Contact us

  • Contact us online
  • 01256 844844
  • Civic Offices
    London Road
    Basingstoke
    RG21 4AH
  • Opening hours
    Monday to Thursday
    8.30am to 5pm
    Fridays
    8.30am to 4.30pm