General Data Protection Regulation
What is the General Data Protection Regulation?
General Data Protection Regulation (GDPR) is the legal framework in the EU which came into force on 25th May 2018. Since Brexit the GDPR within the UK has been renamed UK-GDPR.
Alongside the GDPR the Data Protection Act 1998 was amended to become the Data Protection Act 2018. The GDPR and Data Protection Act 2018 work in conjunction with each other to regulate the processing of personal information.
Data Protection Officer
Under the Data Protection legislation, the Council must have a named Data Protection Officer who is responsible for data protection matters and available to contact by members of the public. The Council’s Data Protection Officer is Steve Berry.
If you wish to contact the Data Protection officer, please email DataProtection@blaenau-gwent.gov.uk
What does the legislation mean for me?
The Data Protection legislation changes in 2018 brought in new rights for individuals. More information on this can be found on the ICO website .
In brief, you have the right to know how the data about you has been processed and make requests, in certain circumstances. These are outlined below.
You can view the Council’s Privacy notice on the following link.
To request information we hold about you - subject access requests
Under the legislation everyone can make a written request to the Council for a copy of the information it holds about them. Please only ask for the information you actually need, to save time and allow us to be more efficient. There is generally no fee for requesting your information but in some circumstances we are permitted to charge reasonable costs. You will need to provide proof of your identity and address. Once we receive a valid request we will have a month to provide the information requested which we can extend in some circumstances. We are also permitted to redact or remove some information such as other people’s details or legal advice. All requests to make a Subject Access Request should be sent to dataprotection@blaenau-gwent.gov.uk
The Council’s commitments under GDPR
°¬˛ćAƬ County Borough Council’s commitment to personal data is to ensure that data is:
- Processed lawfully, fairly and in a transparent manner.
- Collected for a specific and legitimate purpose. It will not be used for anything other than this stated purpose.
- Relevant and limited to whatever the requirements are for which they are processed.
- Accurate, and where necessary, kept up to date. Any inaccuracies will be amended or removed without undue delay.
- Stored for only as long as required, as specified on our records retention policy.
- Secured with appropriate solutions, which protect the data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Council will demonstrate its compliance with these principles.
The Council’s commitment to processing personal data lawfully
The Council will ensure that it meets the conditions necessary for processing personal data lawfully and will ensure this is adequately recorded. There are a number of ways that processing can be lawful. Consent is one method, but it is important to know that consent is not always required and the Council can lawfully process personal data as long as a condition is met. You can find out more about the conditions on the ICO website.