Data protection

UK General Data Protection Regulation (GDPR)

The General Data Protection Regulation 2016 (EU GDPR) was put in place to standardise across Europe, the protection and rights afforded to citizens and to help protect people's personal data. It aims to ensure that people know where their data is held, what it is used for, who it is shared with and how long it will be kept for.

It also obliges organisations to treat people's data correctly, transparently and have systems in place for managing information.

The UK now applies GDPR as domestic law, and it remains the law applicable throughout the EU. It is augmented by the new UK Data Protection Act, and following the UK exit from the EU the UK GDPR is the primary legislation governing your rights as a data subject, and the data principles and obligations that organisations are required to observe.

The new regulation is the legal framework within which all organisations who are controllers of personal data must operate. It covers all data held about an individual (data subject) in both manual and computerised files.

We are committed to compliance with all requirements of the UK GDPR. We regard the protection of people's personal data as important, not only for improving confidence in us, but for improving the quality of service provided. The council is committed to openness and transparency; meeting our obligations under UK GDPR will help to achieve this commitment.

We will implement and follow procedures that aim to make sure the following people are made aware of their responsibilities and fulfil their duties under the UK GDPR:

  • employees
  • elected members
  • volunteers
  • contractors
  • agents
  • consultants
  • partners
  • other persons that have access to personal data held by or on behalf of us