Data Protection
Information about the Data Protection Act 1998 and how it applies to accessing personal records.
The Data Protection Act 1998 came into force on 1 March 2000.
It sets rules for processing personal information and includes paper records as well as those held electronically.
The Data Protection Act applies to data about identifiable living individuals.
Organisations who decide how and why personal data are processed are known as data controllers, and they must comply with the rules of good information handling (the data protection principles) and the other requirements of the Data Protection Act.
All those working for the data controller, and processing personal data, are known as data processors and have a statutory obligation to comply with the DP Act.
The rules of good information handling – the principles
Anyone processing personal data must comply with the 8 enforceable principles of good practice. They say that data must be:-
- fairly and lawfully processed
- processed for limited purposes and not in any manner incompatible with those purposes
- adequate, relevant and not excessive
- accurate
- not kept for longer than necessary
- processed in line with the data subject’s rights
- held securely
- not transferred to countries without adequate protection
Personal data covers both facts and opinions about the individual, it also includes information regarding the intentions of the data controller towards the individual.
The Data Protection Act makes specific provision for the collection and processing of sensitive personal data.
Sensitive data includes:
- racial or ethnic origin
- political opinions
- religious or other beliefs
- trade union membership
- health
- sex life
- criminal proceedings or convictions.
Sensitive data can only be collected and processed under strict conditions. These include:-
- having the explicit consent of the individual
- being required by law to process the data for employment purposes
- needing to process the information in order to protect the vital interests of the data subject
- dealing with the administration of justice or legal proceedings
Individual Rights
The DP Act gives rights to individuals in respect of personal data held about them by others, these are:-
- right of subject access
- right to prevent processing likely to cause damage or distress
- right to prevent processing for the purposes of direct marketing
- rights in relation to automated decision taking
- right to take action for compensation if the individual suffers damage by any contravention of the Act by the data controller
- right to take action to rectify, block, erase or destroy inaccurate data
- right to make a request to the Information Commissioner for an assessment to be made as to whether any provision of the DP Act has been contravened
Subject Access Requests
If a member of the public asks for subject access (a copy of all their personal data held by the Authority), the request will be referred to the Information Officer:
- David Akehurst
Reigate & Banstead BC
Town Hall, Castlefield Road
Reigate, RH2 0SH - Telephone: 01737 276141
- Email: david.akehurst@reigate-banstead.gov.uk
A fee of £10 is charged for this service to cover administration costs.
Data Protection Policy
You can view the same document here in either Word or PDF format:
Reigate and Banstead Borough Council Corporate Policy for the Data Protection Act 1988 (Word, opens in new window) (61.0kB)
Reigate and Banstead Borough Council Corporate Policy for the Data Protection Act 1988 (PDF, opens in new window) (72.0kB)
Reigate & Banstead Borough Council
Town Hall
Castlefield Road
Reigate
RH2 0SH
01737 276000
customer.services@reigate-banstead.gov.uk
Reigate and Banstead Borough Council is not responsible for the content of external sites.
Help with PDFs
Some pages link to PDF documents. If you have trouble viewing PDFs, get help with pdfs.
