This is the most important principle, if we don’t comply with this anything else we do with someone’s information will be unlawful
Fairly – we need to make it clear to all individuals who we obtain personal information about, who we are, what we want to do with their information and who we might disclose their information to
Lawfully – any information obtained, used, disclosed or destroyed (processed) must be done so lawfully. This means that we need to have a legal power enabling us to process personal information, this could be if someone gives us their permission, for example.
This means that we can only use someone’s information for the purpose(s) outlined in our ‘Notification’ and for the purpose(s) we stipulated at the time of collecting the information.
The council cannot re-use personal information for unrelated purposes without obtaining further consent from the data subject.
Individuals who collect and input data must ensure that the information is adequate, relevant and not excessive for the purpose for which it was obtained. Individual’s have a right of access to information held about them, whether held in a handwritten note, in an email or in a formal document.
This places an obligation on the council to ensure that the personal information we hold is accurate and up to date. This means that we need to review the information we hold about people regularly and change any out of date or inaccurate information.Data is inaccurate for the purpose of the Data Protection Act if it is incorrect or misleading.
You have the right have inaccurate data held about you erased or destroyed and can claim compensation for any damage or distress that has been caused by any contravention of the Data Protection Act.
Personal information must be reviewed on a regular basis and out-of-date or irrelevant information should be deleted or destroyed
One of the rights under the Data Protection Act is ‘Subject Access’. This gives everyone the right to obtain a copy of any personal information held about them (including opinions), subject to certain exemptions. Find out how to make a subject access request or contact the Information Governance Team.
Employees, contractors and agents must keep all personal information secure. Extensive guidance is provided on our staff intranet.
Personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory can ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.