1. Subject Access Request
The GDPR gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with six principles (Article 5 of the GDPR), which make sure that personal information is:
- Processed lawfully, fairly and in a transparent manner
- Collected and processed for specified, explicit and legitimate purposes and not further processing in a manner that is incompatible with those purposes
- Adequate, relevant, and limited to what is necessary for the purpose
- Accurate and kept up to date
- Not kept for longer than is necessary and subject to appropriate technical and organisation measures to safeguard the rights and freedoms of individuals
- Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing; and
This section explains how we respond to subject access requests under the General Data Protection Regulation (the Act).
It is the Act that explains the rights and responsibilities of those dealing with personal data. All staff are contractually bound to comply with the Act and other relevant council policies.