The General Data Protection Regulation 2016 (GDPR) exists to protect all personal information held by us. It also gives individuals the right to know what information is being held about them. If you need to access this information please submit a Subject Access Request.
The GDPR provides the following rights for individuals
Subject to some legal exceptions you have the following rights:
Data Protection Officer
The Council’s Data Protection Officer is an independent, data protection expert who informs and advises the Council on its data protection obligations, monitors compliance and is the main contact point for data subjects and the Information Commissioner.
The Council’s Data Protection Officer is Francesca Whyley who can be contacted at firstname.lastname@example.org
What does GDPR require us to do?
We must be responsible for, and be able to demonstrate compliance with the 6 data principles. We are required to make sure that personal information held is:
1) processed lawfully, fairly and in a transparent manner;
2) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
3) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
5) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
6) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
We may share your information with other bodies administering or in receipt of public funds for this purpose. There may be times when we will be required to disclose information by law or for the purposes of preventing or detecting crime or in connection with legal proceedings.
Do we need your consent to share information about you?
Not necessarily. Information sharing can take place without your consent, but will be done in a way which is lawful. However, in some cases, information may be shared without you knowing about it, e.g. where telling you about the sharing would be likely to prejudice a criminal investigation.
Personal Information Held
A full list of the types of information held by the Council, known as the 'Register of Notifications' is held by the Information Commissioner.
You can search this list by visiting the Data Protection Public Register. You will need to enter the notification number Z7097798 or you can enter Gedling Borough Council.
We use information about individuals to carry out specific functions for which we are responsible and in turn provide you with services you require.
We are under a duty to protect the public funds that we administer and, to this end, may also use the information that you have provided for: