Toggle menu

Data Protection Act

Information about the General Data Protection Act and its requirements on collecting and storing data

Data Protection law changed on the 25 May 2018. This was at the same time the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was made law in the United Kingdom by the Data Protection Act 2018. This replaced the Data Protection Act 1998 (Directive 95/46/EC). 

Like the 1998 Act, the 2018 Act gives legal rights to individuals (data subjects) relating to the personal data held about them. 

Following the United Kingdom leaving the European Union, the General Data Protection Regulation was adoped as the UK General Data Protection Regulation. 

How we comply with the law and data protection

The UK GDPR aims to strengthen and unify data protection for everybody within the European Union.

We collect, use and hold data about the people and organisations we work with to conduct our business. This may include members of the public, employees (current, past or prospective), clients, customers, contractors, partners and suppliers. We may also need to collect and use personal data to meet our statutory obligations. 

We comply with the six principles of the Data Protection Legislation. This makes sure that personal information is:

  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate, and where necessary, kept up to date
  • kept in a way that allows data subjects to be identified for no longer than is necessary for the purposes for which the data is processed
  • processed in a manner that ensures appropriate security of the personal data

Accountability is central to the UK GDPR. The data controller (Fenland District Council) must comply with the principles. We must be able to show this to data subjects and the Information Commissioners Office (ICO). 

Our  Data Protection Policy (PDF) [223KB] explains how we comply with Data Protection Legislation. 

Our Fair Processing Notice explains what we do you with your personal information when you make contact with us or use one of our services. 

We follow recognised security and information handling codes of practice to ensure personal information is kept securely. The information we collect is stored for a set period of time based on relevant legislation, guidelines or codes of practice. Information on this is stored in our Retention Schedules. When no guidance exists, we work with teams across the Council to decide how long records should be kept. 

For more information about the Data Protection Act, please email You can call us on 01354 654321 or 01354 606917 (fax). 

Your rights

You have the right to:

Access personal data we hold on you

You can request this at any time. You can ask:

  • why we have that personal data
  • who has access to the personal data
  • where we got the personal data from
Correct and update the personal data we hold on youYou can tell us if any of the personal data we hold on you is out of date, incomplete or incorrect. We can then update your personal data.
Have your personal data erased

You can ask us to erase your personal data if you think:

  • we shouldn't be using it anymore; or
  • we are unlawfully using it

We may not be able to delete it if it is needed to comply with a legal obligation.

Object to your personal data being processed or to restrict it to certain purposes only

You can ask us to:

  • stop processing your personal data; or
  • ask us to restrict the processing

We will contact you to confirm if we can do this. We may have a legal obligation to continue to process your personal data. 

Data portabilityYou can ask us to transfer your data to another controller. If this is possible, we will do this within a month of receiving your request. 
Withdraw consentYou can withdraw your consent, which was previously given, to the processing of personal data by email or post. We may not be able to stop processing your personal data if we need it to comply with a legal obligation. 

Accessing your personal data

Under the UK GDPR, you can ask us for:

  • conformation that your data is being processed
  • access to information we hold about you (and other supplementary information)

This is called a Data Subject Access Request. You can ask for this information verbally or in writing.

We must respond to you within one calendar month of receiving your application. In certain cases we can extend this length of time. If this is the case, we will contact you to explain why. 

Information that may be withheld

Usually individuals can have access to all personal data held about them. However, we can withhold information if it:

  • could affect the way crime is detected or prevented
  • could affect catching or prosecuting offenders
  • could affect assessing or collecting tax or duty
  • identifies other people who have not consented to their information being passed on

Refusing requests

We can refuse requests that are unfounded, excessive and/or repetitive. 

Making a request for someone else

You can make a request for someone else. However, we must be sure that they have given you permission to make this request. We will need proof of consent in writing and signed by the other person. 

Information about a deceased person

You can only access your information under the UK General Data Protection Regulation/Data Protection Act 2018. Requests for other people's information, including the deceased, will be managed under the Freedom of Information Act. 

Complaining about how your request has been dealt with

Please contact us if you are unhappy with how your complaint has been handled. If you are still unhappy after this you can contact the ICO.

Share this page

Share on Facebook Share on Twitter Share by email