The Data Protection Act gives individuals a legal right to find out what information is held about them, on paper and electronic media.
Welwyn Hatfield Borough Council holds and processes a considerable amount of information, including personal information, about the residents of this borough. We do this in order to provide our services in the most efficient and effective way that we can. We recognise that we have a duty to treat all the information we hold responsibly and to keep it safe and secure, and process it correctly.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the new legal framework which will come into force on 25 May 2018. This will replace the Data Protection Act 1988. The rights that individuals have about how their personal data is handled and stored are changing. You will have the right to know how the data has been processed and make requests, in certain circumstances.
You can find out about the GDPR rights on the Information Commissioner's Office.
Our GDPR Commitment
Welwyn Hatfield Borough Council will ensure that all our data is:
- Processed lawfully, fairly and in a transparent manner.
- Collected for a specific and legitimate purpose. Your data will only be used for the stated purpose.
- Relevant and limited to whatever the requirements are for which they are processed.
- Accurate, and where necessary, kept up to date. Any inaccuracies will be amended or removed without undue delay.
- Stored for as long as required, and in accordance with our records retention policy.
- Secured with appropriate solutions, which protect the data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Welwyn Hatfield Borough Council is committed to protecting your privacy when you use our services. The Privacy notice explains how we use information about you and how we protect your privacy.
Processing Personal Data Lawfully
The council will ensure that it meets the conditions necessary for processing personal data lawfully and will ensure this is adequately recorded. There are a number of ways that processing can be lawful. Consent is one method, but it is important to know that consent is not always required and the council can lawfully process personal data as long as a condition is met.
Subject Access Requests
Under the new law, like now, everyone can make a written request to the council for the information it holds about them. Please only ask for the information you actually need, to save time and allow us to be more efficient. There is a £10 administration charge to make a request but when the new law comes into force, there will be no fee. You will need to provide proof of your identity and address. We will be allowed (as we are now) to remove (redact) information, for example, legal advice or information about other people.
If we are relying on consent to process your data, you can request to withdraw consent or restrict/object to some elements of the processing. The council does not rely on consent on most cases because it has legal duties to do certain tasks. For example, processing planning applications and collecting council tax payments.
Where we rely on your consent as your legal basis to process your personal data, you have the right to withdraw your consent and ask for your data to be deleted. As explained above we will not rely on consent in many cases.
After 25 May 2018, you will have the right to make changes to inaccurate data.
Data Protection Officer
The Council has a Data Protection Officer. Contact the Data Protection Officer
Guidance on the rights of individuals under the Data Protection Act is available from the Information Commissioner's Office.
A copy of the full legislation can be viewed on the legislation.gov.uk website.