General Data Protection Regulation

Basingstoke and Deane has strict policies on data protection.UK General Data Protection Regulations (UK GDPR) replaced General Data Protection Regulations (GDPR) on 1 January 2021.

How the UK GDPR affects you

The UK GDPR ensures that any personal data the council holds must be:

• processed fairly, lawfully and in a transparent manner
  
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  
• adequate, relevant and limited to what is necessary
  
• accurate and, where necessary, kept up to date
  
• kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which it is being processed
• kept secure

Data Protection Act 2018 (DPA 2018)

DPA 2018 sets out the data protection framework in the UK, alongside the UK GDPR. It specifically covers exemptions to the UK GDPR and the processing of personal data for law enforcement purposes. The Act outlines the requirement for an Appropriate Policy Document (APD) to be in place when processing special category and criminal offence data under certain specified conditions. The council's APD can be found with our privacy statement.

Personal data

Cover any details that can identify a living person, either directly or indirectly, and includes identification numbers, location data and an online identifier.

Your rights

The detailed information can be found on our privacy statement page.

If you are not happy with the handling of your personal data

You have the right to make a complaint to the Information Commissioner’s Office (ICO). You can find out more by visiting the ICO’s website.

For more information on how we collect, use and keep your personal information, please take a look at our privacy statement.