The Data Protection Act (DPA) 1998 is designed to protect against the misuse of personal data. Its principles are to ensure that personal information is:
- Fairly and lawfully processed;
- Obtained and processed for one or more specific purposes;
- Adequate, relevant and not excessive in relation to those purpose(s);
- Accurate, and where necessary kept up to date;
- Not kept longer than necessary;
- Processed in accordance with the data subject's rights;
- Secure against unauthorised and unlawful processing and accidental loss or destruction;
- Not transferred to countries without adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The Act makes provision for individuals to access personal data held about them in any format and to challenge the validity and use of that personal information. Where personal information relates to another individual we may need to seek their consent to release it. If they do not agree, or we cannot contact them and it is unreasonable to release the information without their consent, we may have to withhold the information. There are also additional reasons why information may be withheld which can be found on the Information Commissioner website under the heading 'Your Information Rights.'
The Act requires that we notify the Information Commissioner about what personal information we hold, what purposes we use it for, who we get it from and who we give it to. This notification can help you find out what information we hold about you and therefore what you can ask for. Details can be found on the Information Commissioner's website.
Sometimes we need to share information with other public bodies such as other councils, the health service or the Police. We have signed up to the Gloucestershire Information Sharing Partnership Agreement which outlines the principles and responsibilities which govern the way in which we share data with others.
How to request your personal information
You can request your personal information by sending a data subject access application form to us at Trinity Road, Cirencester, GL7 1PX setting out the details you require plus a cheque for £10 made payable to 'Cotswold District Council'. Alternatively, you can pay in person at the Council Offices in Trinity Road or at Moreton Area Centre. We will normally respond to your request in full within 40 days.
If you are disappointed with the response to your enquiry you can ask us to review our decision and actions. Where we are unable to resolve any differences you can contact the Information Commissioner who is the independent regulator of the Act.
New legislation coming 2018
The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the current Data Protection Act on 25 May 2018.
GDPR has been in development since 2012 by the European Union Parliament and Council to harmonise and strengthen the rights of data subjects across Europe, including when data is transferred to third party countries.
The GDPR enhances some of the rights of individuals that currently exist under the DPA and creates new rights such as the right to be forgotten and the right to erasure.
It also provides for increased accountability and processes to demonstrate compliance. For example, a Data Protection Officer will be compulsory for public authorities and the requirements for consent are now much higher.
All breaches will have to be reported to the Information Commissioners Office within 72 hours and the potential fines for breaches are up to €20 million.
We are working to ensure compliance by May 2018. For further information visit the: