The Data Protection Act (DPA) 1998 applies to any organisations which hold and process personal information. The act is designed to protect against the misuse of personal data. You can view our Data Protection Policy here.
There are 8 Data Protection Principles, which exist to ensure that personal information is:
- Fairly and lawfully processed
- Obtained and processed for one or more specific purposes
- Adequate, relevant and not excessive in relation to those purpose(s)
- Accurate, and where necessary kept up to date
- Not kept longer than necessary
- Processed in accordance with the data subject’s rights
- Secure against unauthorised and unlawful processing and accidental loss or destruction
- Not transferred to countries without adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data
The Act requires that we notify the Information Commissioner about what personal information we hold, what purposes we use it for, who we get it from and who we give it to.
If you are the subject of personal data held by the council, then you have the right to expect that we will give it due protection, and to know what the information is. If you would like access to personal information held about you by West Lindsey District Council you can make a Subject Access Request, which we respond to within 40 calendar days.
You can make a Subject Access Request by writing to Democratic Services, West Lindsey District Council, Guildhall, Marshall’s Yard, Gainsborough, Lincolnshire, DN21 2NA, with your name and address as much information as possible to help us locate the information you believe to be held about you. You also need to enclose the fee of £10. We may write back to you requesting that you provide proof of identity and address; this is to ensure that personal information held about you is not sent to anyone who is not entitled to access it.
For more information please visit the Office of Public Sector and GOV.UK/Data Protection
New legislation coming on 25 May 2018
The General Data Protection Regulation (GDPR) is a European Union regulation that will supplement the current Data Protection Act on 25 May 2018.
GDPR harmonises and strengthens the rights of data subjects across Europe, including when data is transferred to third party countries. The UK Government has stated that the UK will comply with GDPR even though we will be leaving the EU in 2019.
The new Regulation enhances some of the rights of individuals that currently exist under the DPA and creates new rights such as the right of access, the right to restriction of processing, and the right to be forgotten.
It also provides for increased accountability and processes to demonstrate compliance. For example, a Data Protection Officer will be compulsory for public authorities and the requirements for consent are now much higher.
All breaches which are likely to result in a risk to the rights and freedoms of data subjects will have to be reported to the Information Commissioners Office within 72 hours and the potential fines for breaches are up to €20 million.
We are working to ensure compliance by May 2018. For further information visit the Information Commissioner’s Data Protection Reform website.