Information about the General Data Protection Act and its requirements on collecting and storing data
Data Protection law changed on the 25 May 2018. This was at the same time the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was made law in the United Kingdom by the Data Protection Act 2018. This replaced the Data Protection Act 1998 (Directive 95/46/EC).
Like the 1998 Act, the 2018 Act gives legal rights to individuals (data subjects) relating to the personal data held about them.
GDPR aims to strengthen and unify data protection for everybody within the European Union. It will still apply to the United Kingdom after Brexit, but there may be some small changes relating to European transfers of data.
We collect, use and hold data about the people and organisations we work with to conduct our business. This may include members of the public, employees (current, past or prospective), clients, customers, contractors, partners and suppliers. We may also need to collect and use personal data to meet our statutory obligations.
We comply with the six principles of the Data Protection Legislation. This makes sure that personal information is:
Accountability is central to GDPR. The data controller (Fenland District Council) must comply with the principles. We must be able to show this to data subjects and the Information Commissioners Office (ICO).
Ourexplains how we comply with Data Protection Legislation.
Our Fair Processing Notice explains what we do you with your personal information when you make contact with us or use one of our services.
We follow recognised security and information handling codes of practice to ensure personal information is kept securely. The information we collect is stored for a set period of time based on relevant legislation, guidelines or codes of practice. Information on this is stored in our Retention Schedules. When no guidance exists, we work with teams across the Council to decide how long records should be kept.
For more information about the Data Protection Act, please email email@example.com. You can call us on 01354 654321 or 01354 606917 (fax).
You have the right to:
|Access personal data we hold on you|
You can request this at any time. You can ask:
|Correct and update the personal data we hold on you||You can tell us if any of the personal data we hold on you is out of date, incomplete or incorrect. We can then update your personal data.|
|Have your personal data erased|
You can ask us to erase your personal data if you think:
We may not be able to delete it if it is needed to comply with a legal obligation.
|Object to your personal data being processed or to restrict it to certain purposes only|
You can ask us to:
We will contact you to confirm if we can do this. We may have a legal obligation to continue to process your personal data.
|Data portability||You can ask us to transfer your data to another controller. If this is possible, we will do this within a month of receiving your request.|
|Withdraw consent||You can withdraw your consent, which was previously given, to the processing of personal data by email or post. We may not be able to stop processing your personal data if we need it to comply with a legal obligation.|
Under GDPR, you can ask us for:
This is called a Data Subject Access Request. You can ask for this information verbally or in writing.
We must respond to you within one calendar month of receiving your application. In certain cases we can extend this length of time. If this is the case, we will contact you to explain why.
Usually individuals can have access to all personal data held about them. However, we can withhold information if it:
We can refuse requests that are unfounded, excessive and/or repetitive.
You can make a request for someone else. However, we must be sure that they have given you permission to make this request. We will need proof of consent in writing and signed by the other person.
You can only access your information under the General Data Protection Regulation/Data Protection Act 2018. Requests for other people's information, including the deceased, will be managed under the Freedom of Information Act.
Please contact us if you are unhappy with how your complaint has been handled. If you are still unhappy after this you can contact the ICO.