Data protection

General Data Protection Regulations 2018 (GDPR) gives you certain rights, and places legal responsibilities on organisations that process personal information, known as data controllers

How to access your personal information

Subject access request (SAR)

Under General Data Protection Regulations 2018 (GDPR), you have the right to access personal information we hold about you (or someone else, but only if you are acting on their behalf), known as the right of subject access.

There are some instances where we may not be able to release all of the information we hold about you eg if we have received legal advice about your case it is protected by legal privilege, or if information is part of a current investigation or contract negotiation.

You can make a request using the link to the form below. Initially you will be given the opportunity to create a MyAccount (if you don't already have one) which will enable you to track progress of your application. Alternatively you make the request without registering

Make a subject access request

What you need to provide

In order to process your request, you will need to provide a form of identification to verify your identity. For example, a copy of your birth certificate, passport or driving licence.

If you are requesting information on someone else's behalf, you must supply written authority confirming that you are acting on their behalf.

How much it costs

There is no fee.

How long it takes

Under the law we have one calendar month to process your request, however we will aim to reply as quickly as possible.

Rules related to personal information

GDPR states that personal data must be

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. not kept for longer than is necessary
  6. processed in line with your rights
  7. secure
  8. transferred to other countries with adequate protection

As we hold a variety of information about people in the district, we are a data controller and must comply with the eight principles.

When we have to share personal information

We are legally required to protect the public funds we administer and participate in the Cabinet Office's National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud.

Data matching involves comparing computer records held by one body against other records held by the same or another body to see how far they match. Computerised data matching allows potentially fraudulent claims and payments to be identified and investigated.

The use of data by the Cabinet Office is carried out with legal authority and does not require the consent of the individuals concerned. It is subject to a code of practice.

Read our Privacy Policy to find out how we use information about you, how we protect your privacy, and what your rights are. 

For further information, visit GOV.UK: Privacy notice: Level 3 full text.