Data Protection and GDPR compliance

The General Data Protection Regulation (GDPR) sets the standards for how personal data should be collected, stored, processed, and distributed.

For council operations and service provision, we collect personal information about individuals such as customers, employees, suppliers, and other business contacts. Compliance with legal requirements necessitates the collection and use of specific personal information. This data, regardless of whether it's stored digitally or on paper, must be managed properly to align with GDPR standards.

For further details, visit the Information Commissioner's Office website.

Your rights under GDPR

Under GDPR, you have the right to access personal data we may process about you, albeit with certain exceptions. Requests for personal data access are known as subject access requests.

Upon making a subject access request, you are entitled to:

  • a description of the data, its processing purposes, and potential disclosures
  • a copy of the data in an understandable format, with clarification of any complex terms
  • any available information about the data's source
  • an explanation of decisions made about you solely through automated means, if specifically requested

This right applies to both electronic and manual data formats, subject to certain limitations.

If your request involves information other than personal data, such as decisions or actions taken by us, it cannot be processed as a subject access request.

For non-personal information requests, see our Freedom of Information pages for details on using our Publication scheme and submitting Freedom of Information requests.