The council's major policies and strategies - Data protection policy
- Policy summary:
There are eight data protection principles. The first five state that personal data must be:
- Processed fairly and lawfully
- Obtained for specific and lawful purposes
- Adequate, relevant and not excessive for the purposes
- Accurate and kept up to date
- Kept no longer than is necessary for its purposes
The sixth principle is that: 'All data must be processed in accordance with the rights of the subject under the Act'.
The rights of the subject are:
- a right of access to a copy of the information comprised in their personal data;
- a right to object to processing that is likely to cause or is causing damage or distress;
- a right to prevent processing for direct marketing;
- a right to object to decisions being taken by automated means;
- a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to claim compensation for damages caused by a breach of the Act
Principles seven and eight state that:
- Technical and organisational measures shall be taken against unauthorised processing of personal data and against accidental loss, destruction of, or damage to personal data.
- Personal data shall not be transferred to a country outside the European Economic Area without guarantees of adequate protection.
- Read the full policy: