Data Protection

This page sets out key data protection information and how the council aims to give you more control over your information. 
Data protection is about ensuring that you, as a data subject, are able to trust that we only use your data fairly and responsibly.

The UK data protection regime is set out in the Data Protection Act 2018, along with the retained EU law version of the General Data Protection Regulation (the “UK GPDR”). 

Whenever we process your personal data, we will ensure that this is only done in accordance with the seven key principles set out in the UK GDPR. Your data will be:

  • processed lawfully, fairly and in a transparent manner; 
  • obtained for a specified, explicit and legitimate purpose; 
  • adequate, relevant and limited;
  • accurate and, where necessary, kept up to date;
  • kept no longer than is necessary;
  • protected with appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction;
  • documented to demonstrate our accountability and compliance with these principles.

The UK GDPR gives you the following individual rights: 

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and 
  • rights in relation to automated decision making and profiling. 

If you would like to make a subject access request for your personal information, please visit our subject access request page
To find out more about your rights and how to enforce them, please see our corporate privacy notice and the Information Commissioner’s Officer page on your rights.  

Our corporate privacy notice sets out the Council's corporate privacy information, however, you may receive a separate privacy notice setting out more specifically what personal data we are seeking from you and why.


This privacy information may be made available to you through a form when you request a service or over the phone when you call us for example. For more information on how we process your personal data for our services please see below:

We are required to maintain an Appropriate Policy Document which outlines our compliance measures and retention for special category and criminal offence data. Our latest Appropriate Policy Document can be accessed here.