The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the biggest change to data protection law in over 20 years. The regulation is EU law and came into effect on 25th May 2018. A new Data Protection Bill also enacted on the 25th May 2018 incorporates the GDPR, this new legislation will increase the powers of the Information Commissioner and the level of fines for non-compliance. All local councils must comply with the legislation.

“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be given directly using the data itself or by combining it with other information which helps to identify a living individual. The Council takes it's duties towards your privacy and the duties it has under UK legislation very seriously.

The GDPR gives individuals (data subjects) certain rights. It also requires those who record and use personal information (data controllers) to be open about their use of that information and to follow sound and proper practices (the Data Protection Principles). Data controllers are those who control the purpose for which and the manner in which personal data is processed. Data subjects are the individuals to whom the personal data relate.