Personal data is anything which can identify a living person, either directly or indirectly, and includes identification numbers, location data and an online identifier.
How the UK GDPR affects you
The UK GDPR ensures that any personal data the council holds must be:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which it is being processed.
- Kept secure.
How it differs from the old Data Protection Act
The UK GDPR places obligations on organisations that process personal data to demonstrate how they are complying. This includes being clear about the lawful basis for processing. The UK GDPR identifies the following as being lawful basis and we must make sure all processing of personal information meets one of these criteria:
If we are processing with your consent we must tell you exactly what you are consenting to. You will always have a choice about whether to give your consent and, if you do, you can withdraw it at any time. As most of what we do is based on legislation, there will be very few instances where we are relying purely on consent.
An example of where we will be processing by consent is if you sign up to receive e-billing for your council tax.
This will apply where we need to process your personal data to fulfil a contractual obligation to you or because you have asked us to do something before entering into a contract.
For example, if you sign up for the green garden waste service you will be entering into a contract with us.
- Legal Obligation
This will apply where we need to process your personal data in order to comply with a common law or statutory obligation.
For example, the collection council tax is a legal requirement.
- Vital Interests
This will only apply where the processing is necessary to protect someone’s life. The council would not normally need to rely on vital interests
- Public Task
This will apply if we need to process personal data for public functions and powers that are set out in law or to perform a specific task in the public interest that is set out in law. As a local authority, much of our processing will fall under this lawful basis.
An example would be our role in maintaining a housing waiting list or investigating noise or other environmental nuisances
- Legitimate Interests
Public authorities, such as the council, cannot use this lawful basis if we are performing our tasks as a public authority.
Data Protection Act 2018
The Data Protection Act 2018 sets out the data protection framework in the UK, alongside the UK GDPR. It specifically covers exemptions to the UK GDPR and the processing of personal data for law enforcement purposes.
The Data Protection Act 2018 (DPA 2018) outlines the requirement for an Appropriate Policy Document (APD) to be in place when processing special category and criminal offence data under certain specified conditions. The council's APD can be found with our privacy statement.
You have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details below. Your rights are:
- Right to be informed
- Right of access
- Right of rectification or erasure
- Right of erasure
- Right to portability
- Right to object
- Right to withdraw consent
- Right of complaint
- Right to opt-out of marketing communications
Detailed information on each of the rights, including how to exercise them, can be found in the document below:
Exercising Your Data Subject Rights(PDF) [177 kb]
If you are not happy with the handling of your personal data
You have the right to make a complaint to the Information Commissioner’s Office (ICO). You can find out more by visiting the ICO’s website.
For more information on how we collect, use and keep your personal information, please take a look at our privacy statement.
If you wish to ask us anything about data protection, ask for a copy of your data or you have a complaint about how we have used or looked after your data, you can contact our Data Protection Officer at:
Data Protection Officer