Toggle menu

Data protection and access to information

We are committed to complying with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), and making individuals aware of their rights when using Council services. 

Data Protection legislation 

The Data Protection Act and GDPR sets out 7 key principles we must be able to demonstrate when processing personal data. The legislation states that personal information must be: 

  • used fairly, lawfully and transparently 
  • used for specified, explicit purposes 
  • used in a way that is adequate, relevant and limited to only what is necessary 
  • accurate and, where necessary, kept up to date 
  • kept for no longer than is necessary 
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage 

There is also an accountability principle which means that we are responsible for, and must be able to demonstrate, compliance with the data protection principles. 

For more information about our duties and responsibilities in relation to personal data, you can view our Data Protection Policy.  (PDF) [415KB]

Individuals' rights 

Data protection law gives you a number of rights to control what and how personal information is used by us, including: 

  • the right to be informed 
  • the right of access 
  • the right to rectification 
  • the right to be forgotten 
  • the right to restriction 
  • the right to data portability 
  • the right to object 
  • rights in relation to automated processing. 

Detailed information about each of these rights and how to make a request to exercise these rights can be found on the Individual privacy - your rights  webpage. 

Children's privacy 

Children need particular protection when we collect and processes their personal information because children may be less aware of the risks involved. We consider the need to protect children's privacy from the outset and ensure that fairness and compliance with the data protection principles are central to all processing of children's personal data. Visit the Children's privacy - your rights  webpage to find out more. 

Data Protection Impact Assessments (DPIAs) 

Data Protection Impact Assessments, where required, are used to identify any possible risks associated with processing personal information and put in place measures to eliminate or reduce the potential for harm. This could be by ensuring appropriate security is in place to protect data, that data protection principles are adhered to or that processes are in place to allow individuals to exercise their rights. 

For more information, contact the Information Governance team: 

Privacy concerns 

We are committed to protecting your privacy and ensuring that personal information is processed in compliance with data protection regulations. If you feel that your personal data has been mishandled or have concerns about any aspect of how your data has been processed, contact us: 

Information requests

We receive other requests for information from professionals such as the Police, Social Workers, Department of Work and Pensions etc. These types of requests include, but are not limited to, Annex C and Data Protection (Schedule 2) requests. 

If you require information and are working within a professional capacity you can request information online.

Request information from the council in a professional capacity

If you are a Police Officer requesting information under an Annex C, you need to complete the relevant request form and return this to