The council's major policies and strategies - Data protection policy

Policy summary:
There are eight data protection principles. The first five state that personal data must be:

- Processed fairly and lawfully
- Obtained for specific and lawful purposes
- Adequate, relevant and not excessive for the purposes
- Accurate and kept up to date
- Kept no longer than is necessary for its purposes

The sixth principle is that: 'All data must be processed in accordance with the rights of the subject under the Act'.

The rights of the subject are:
- a right of access to a copy of the information comprised in their personal data;
- a right to object to processing that is likely to cause or is causing damage or distress;
- a right to prevent processing for direct marketing;
- a right to object to decisions being taken by automated means;
- a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to claim compensation for damages caused by a breach of the Act

Principles seven and eight state that:

- Technical and organisational measures shall be taken against unauthorised processing of personal data and against accidental loss, destruction of, or damage to personal data.
- Personal data shall not be transferred to a country outside the European Economic Area without guarantees of adequate protection.
Read the full policy: