Data protection law changed on 25 May 2018. To help you understand the new law please read the following questions and answers.
The Data Protection Act regulates the way we handle and process your personal data that we hold.
New rules on how we collect and process your personal data were introduced on 25 May 2018.
Personal data is information which relates to a living person who can be identified from the information itself, or by linking it with other information. For example, it could be your name and address, a school pupil's record or your own health information.
Processing personal data is the name given to anything that we do with your personal data that we hold. For example, entering your details into our computer systems or storing a completed form in a filing cabinet.
We have a legal requirement to comply with all elements of the Data Protection Act.
The reform to the old Data Protection Act (1998) was brought about by the General Data Protection Regulation (GDPR).
GDPR is a European regulation that set out the changes that the UK needed to implement in a new Data Protection Act.
The new data protection law was introduced on 25 May 2018 and forms the basis of a new Data Protection Act (2018).
It gives you more rights and control over how your personal data is handled by organisations, such as the council.
The new data protection law has created one set of rules for everyone in the European Union establishing a unified approach to protecting personal data for all EU individuals.
When the previous Data Protection Act was introduced in 1998, the internet was very new and people didn't understand the full implications of how it could be used - especially when collecting personal information.
As technology continues to develop, new definitions of personal data are being introduced such as your IP computer address or your mobile phone location setting. Your IP address is a label which is used to identify one or more devices on a computer network such as the internet. It is similar to your postal address and is a series of long numbers.
The new Data Protection Act (2018) introduces more safety measures about how your personal data is used by organisations. It includes taking into account new mobile technology which captures personal data - to help you trust how it is processed and shared.
As a council we have:
introduced new documenting and processing procedures
strengthened our rules for deleting and removing personal data
changed how we communicate with you to be open about what we do with your data
made sure that we perform privacy assessments for certain customers
only use the minimum amount of personal data that we need to deliver a service to you
responded to personal data enquiries within the appropriate timeframe
notified you, where required, if we lose your personal data and breach the Act.
Under the new rules, as a public body we were also required to appoint a Data Protection Officer. This is a dedicated senior officer who enforces how we collect and process your personal data in line with the new data protection law.