The General Data Protection Regulation and the Data Protection Act 2018 have been introduced in order to protect information relating to living individuals and bring the legislation up to date to take in to consideration the new technologies introduced since the 1998 Act. This information can be held either electronically or manually, for example, on a computer or in a filing cabinet.
As an individual you have many rights under the Regulation, these are:
- the right to be informed how your information is being collected and processed
- the right to request a copy of your own personal information
- the right to request the Council to rectify inaccurate information
- the right to request the Council erase information we are not require to process or keep
- the right to restrict the processing of your information
- the right to request your information is passed to another organisation (data portability)
- the right to object to automated decision making and profiling regarding yourself
For more information please refer to the Data Protection Policy and the procedure for your individual rights
Processing Special Category Data
Law Enforcement Processing
Data Protection Impact Assessment (DPIA)
- Use systematic and extensive profiling or automated decision-making to make significant decisions about people.
- Process special category data or criminal offence data on a large scale.
- Systematically monitor a publicly accessible place on a large scale.
- Use new technologies.
- Use profiling, automated decision-making or special category data to help make decisions on someone’s access to a service, opportunity or benefit.
- Carry out profiling on a large scale.
- Process biometric or genetic data.
- Combine, compare or match data from multiple sources.
- Process personal data without providing a privacy notice directly to the individual.
- Process personal data in a way which involves tracking individuals’ online or offline location or behaviour.
- Process children’s personal data for profiling or automated decision-making or for marketing purposes, or offer online services directly to them.
- Process personal data which could result in a risk of physical harm in the event of a security breach.
We consider whether to do a DPIA if we plan to carry out any other:
- Evaluation or scoring.
- Automated decision-making with significant effects.
- Systematic processing of sensitive data or data of a highly personal nature.
- Processing on a large scale.
- Processing of data concerning vulnerable data subjects.
- Innovative technological or organisational solutions.
- Processing involving preventing data subjects from exercising a right or using a service or contract.
We consider carrying out a DPIA in any major project involving the use of personal data.
If we decide not to carry out a DPIA, we document our reasons.
We carry out a new DPIA if there is a change to the nature, scope, context or purposes of our processing.
DPIA process checklistThe Council will:
- describe the nature, scope, context and purposes of the processing.
- ask our data processors to help us understand and document their processing activities and identify any associated risks.
- consider how best to consult individuals (or their representatives) and other relevant stakeholders.
- ask for the advice of our data protection officer.
- check that the processing is necessary for and proportionate to our purposes, and describe how we will ensure data protection compliance.
- do an objective assessment of the likelihood and severity of any risks to individuals’ rights and interests.
- identify measures we can put in place to eliminate or reduce high risks.
- record our decision-making in the outcome of the DPIA, including any difference of opinion with our DPO or individuals consulted.
- implement the measures we identified, and integrate them into our project plan.
- consult the ICO before processing, if we cannot mitigate high risks.
- keep our DPIAs under review and revisit them when necessary.
- will publish on this page DPIAs that are identified as high risk processing or require consultation with the ICO.
- Retention Guidelines for Local Authorities
- Download (305KB - PDF)
- Individuals' Rights Procedure - Guidance for the public
- Download (320KB - PDF)
- Protecting Special Category Data Policy v1.0
- Download (452KB - PDF)
- Law Enforcement (Data Protection) Policy v1.0
- Download (445KB - DOCX)
- Data Protection Policy May 2018
- Download (380KB - PDF)