Data Protection Act 2018 (GDPR)
The Data Protection Act 2018 which incorporates into UK law the General Data Protection Regulation (GDPR) aims to promote high standards in the handling of personal information and to protect the individual's right to privacy. The Act applies to anyone holding information about living individuals in electronic format and in some cases on paper.
Data protection laws protect your privacy and ensure that your personal data is processed fairly and lawfully. Personal data is information that can identify you, such as your name and address, and can cover information the Council may hold about you such as benefits information, for example.
Anyone holding personal information must follow the data protection principles of good information handling, where it must be:
- Processed fairly, lawfully and in a transparent manner
- Collected for specific, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary to meet the purpose
- Accurate and up to date
- Must not be kept for longer than is necessary
- Kept secure to maintain integrity and confidentiality
- Processed in an accountable manner
The Council's Data Protection Officer is Emma Holmes - firstname.lastname@example.org
Further information on the Act can also be found on the Information Commissioner's website.