Data protection is changing on 25 May 2018.
To help you understand what this means please read the following questions and answers. We will continue to update these information pages as we get ready for the change in law.
What is Data Protection?
The current Data Protection Act 1998 regulates the way we handle and process your personal data that we hold.
This will be replaced by a new data protection law, on 25 May 2018, which will introduce new rules on how we collect and process your personal data.
Personal data is information which relates to a living person who can be identified from the information itself, or by linking it with other information. For example, it could be:
- your name and address
- a school pupil's record
- your own health information
Processing personal data is the name given to anything that we do with your personal data that we hold. For example, it could be:
- entering your details into our computer systems
- storing a completed form in a filing cabinet
We have a legal requirement to comply with all elements of the Data Protection Act.
Why is Data Protection changing?
This reform to the existing Data Protection Act (1998) is being brought about by the General Data Protection Regulation (GDPR).
The GDPR is a European regulation that sets out the changes that the UK will need to implement in a new Data Protection Act.
The new data protection law being introduced on 25 May 2018 will form the basis of a new Data Protection Act.
This new Act will replace the existing Data Protection Act and it aims to give you more rights and control over how your personal data is handled by organisations, such as the council.
The new data protection law is creating one set of rules for everyone in the European Union establishing a unified approach to protecting personal data for all EU individuals.
What changes will the new Data Protection Act introduce?
When the current Data Protection Act was introduced in 1998, the internet was very new and people didn't understand the full implications of how it could be used - especially when collecting personal information.
As technology continues to develop, new definitions of personal data are being introduced such as your IP computer address or your mobile phone location setting. Your IP address is a label which is used to identify one or more devices on a computer network such as the internet. It is similar to your postal address and is a series of long numbers.
The new Data Protection Act will introduce more safety measures about how your personal data is used by organisations. It will include taking into account new mobile technology which captures personal data - to help you trust how it is processed and shared.
As a council we will
- introduce new documenting and processing procedures
- strengthen our rules for deleting and removing personal data
- be open with you about what we do with your data
- make sure that we perform privacy assessments for certain customers
- only use the minimum amount of personal data that we need to deliver a service to you
- respond to personal data enquiries within the appropriate timeframe
- notify you, where required, if we lose your personal data and breach the Act.
Under the new rules, as a public body we are also required to appoint a Data Protection Officer. This is a dedicated senior officer who will enforce how we collect and process your personal data in line with the new data protection law.