How we comply with the requirements of the General Data Protection Regulation (GDPR) and how you can obtain details of personal information we hold about you.
What is personal data?
Personal data is information that can be used to identify a living individual. That information can be in a variety of formats. For example, electronic on a computer, paper in a filing system or in more unusual formats such as CCTV footage.
Why do we collect data about people?
We need to collect personal data to fulfil our functions in relation to the provision of our services (social care, education, environmental services, highways, planning, housing, benefits, licensing etc).
What principles apply to the collection of personal data?
There are six governing principles that must be followed in relation to the processing of data about individuals:
- data must be processed lawfully, fairly and in a transparent manner
- data must be collected and processed for only specific, explicit and legitimate purposes. In other words, we must not collect data for one reason and then use it for something else
- data we hold must be adequate and relevant for its purpose or purposes but not excessive.
- data must be accurate, kept up-to-date and where necessary, erased or rectified in respect of inaccuracies
- we must not keep data for longer than necessary
- data must be kept in a manner that ensures appropriate security, including against unauthorised or unlawful access/processing and against accidental loss, destruction or damage
What rights do I have regarding information that is held about me?
As a Data Subject you have the following rights:
- the right to be informed – you have the right to be given information about how your data is being processed, who it is/will be shared with, for what purpose and how long it will be retained for
- the right of access – you have the right to see or have a copy of your personal data. If providing you with a copy of your personal data would adversely affect the rights and freedoms of others, an extract or summary of the information may be provided instead
- the right to rectification – you have the right to request that your personal data is rectified if it is inaccurate or incomplete
- the right to erasure (‘the right to be forgotten’) – you have the right to request that your personal data is removed to prevent processing in certain circumstances
- the right to restrict processing – you have the right to block or stop processing of your personal data
- the right to data portability – you have the right, when requested, to be provided with your personal data in a structured, commonly used and machine readable format
- the right to object – you have the right to object to processing of your personal data in relation to legitimate interests, direct marketing (e.g. profiling) or for scientific/historical research and statistics
- rights in relation to automated decision making and profiling – you have the right to not be subject to a decision based solely on automated processing, including profiling, which significantly affects you
How do I obtain information about me?
You must make a Subject Access Request (SAR) in writing. Subject Access Request guidance gives further information about submitting a SAR.
If you wish to access CCTV footage held for the Weymouth and Portland area to be used as evidence in an insurance claim or legal proceedings, please note the request must be made by your insurance company or solicitors acting on your behalf. CCTV footage will only be released in these circumstances if the request is made by your insurance company or legal representative.
If you want to know more information about how your data is being processed (right to be informed) please contact our data protection officer.
What can I do if I think that information you hold about me is incorrect?
If you think information that we hold on you is incorrect and you want it rectified, erased or restricted/blocked please contact us using the Individual Rights Form. Further information on completing this form can be found at GDPR individual rights - guidance for requesters.
We must tell you what we have done or intend to do within one month. This can be extended by two months where the request for rectification is complex.
If you do not agree with our decision, you can ask us to record that disagreement for future reference - or you can take the matter up with the Information Commissioner’s Office (ICO).
What can I do if I think that there has been a breach of my personal data?
If you have any concerns about the way that your personal data has been used or if you wish to make us aware of a potential data breach, please inform our data protection officer.
Can I claim any compensation if I think that information about me has been wrongly used?
If you believe that an organisation has not complied with GDPR regulations and has caused you to suffer material or non-material damage, you have the right to apply for compensation via the courts. Any such claim will need to show that the organisation has not taken reasonable care to comply with GDPR. Guidance on compensation can be found on the website of the Information Commissioner's Office