Data protection

The Data Protection Act 1998 (DPA) gives you certain rights, and places legal responsibilities on organisations that process personal information, known as data controllers

How to access your personal information

Subject access request (SAR)

Under DPA, you have the right to access personal information we hold about you (or someone else, but only if you are acting on their behalf), known as the right of subject access.

There are some instances where we may not be able to release all of the information we hold about you eg if we have received legal advice about your case it is protected by legal privilege, or if information is part of a current investigation or contract negotiation.

To request personal information that we hold about you, download, complete, and return a SAR form.

pdf icon Subject Access Request form [99kb]

What you need to provide

In order to process your request, you will need to provide a form of identification to verify your identity eg copy of your birth certificate, passport, driving licence.

If you are requesting information on someone else's behalf, you must supply written authority confirming that you are acting on their behalf.

How much it costs

There is no fee.

How long it takes

Under the law we have 40 calendar days to process your request, however we will aim to reply as quickly as possible.

Rules related to personal information

DPA states that personal data must be

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. not kept for longer than is necessary
  6. processed in line with your rights
  7. secure
  8. transferred to other countries with adequate protection

As we hold a variety of information about people in the district, we are a data controller and must comply with the eight principles.

When we have to share personal information

We are legally required to protect the public funds we administer and participate in the Cabinet Office's National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud.

Data matching involves comparing computer records held by one body against other records held by the same or another body to see how far they match. Computerised data matching allows potentially fraudulent claims and payments to be identified and investigated.

The use of data by the Cabinet Office is carried out with legal authority and does not require the consent of the individuals concerned. It is subject to a code of practice.

For further information, visit GOV.UK.