General Data Protection Regulation (GDPR)
West Lancashire Borough Council has a robust approach to data protection and we're proud of our track record.
On Friday 25th May 2018, the GDPR came into force. The following pages are designed to help you understand this change in law and how it affects you:
- What is the GDPR?
- Data Protection Officer
- What has the Council done about the GDPR?
- What are my Rights?
The GDPR and Data Protection Act 2018 (‘DPA’) have brought enhanced requirements on how the Council handles your personal data. The GDPR is a new European law which, together with the DPA, gives you more control over your data.
The Information Commissioner has provided a helpful guide to the General Data Protection Regulation.
1.1 What is Personal Data?
The GDPR and DPA apply only to ‘personal data’, which is anything that can identify a living person, either directly or indirectly.
Special categories of personal data reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or is about sex life or sexual orientation or health, including genetic and biometric data. The Council now needs to comply with more safeguards when processing these kinds of data.
1.2 How does GDPR affect me?
The rights that you have about how your personal data is handled and stored by the Council have been changed and enhanced.
The GDPR ensures that any personal data we hold must be:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which it is being processed.
- Kept secure.
The GDPR also places obligations on the Council to demonstrate how we are complying – see What has the Council done about the GDPR? for more information on this
Under the GDPR, the Council must have a Data Protection Officer who is responsible for assisting on data protection matters and available to contact by members of the public.
Our Data Protection Officer can be contacted at firstname.lastname@example.org or on 01695 583226
The Council is committed to ensuring that we comply with the GDPR and has carried out the following to demonstrate this commitment:
Staff training has been rolled out across the Council.
An audit of all of the data the Council collects and holds has been carried out to ensure all the action needed to ensure compliance is noted and carried out.
Detailed privacy notices are issued each time we gather new data to inform you of how we will handle your data and your rights. These will be provided by the Section which collected the data and will link to our Corporate Privacy Notice.
We have amended our contract clauses to meet the GDPR standards and will require all contractors and third parties to demonstrate that they meet the requirements for data handling too.
We have a large suite of internal Policies and Procedures which have been reviewed and amended to reflect the changes under the GDPR and DPA. Our Data Protection Policy can be found here.
- What are my Rights?
You have the following rights under the GDPR:
Right to be Informed
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction
Right to Portability
Right to Object
Right to Object to Automated Decision Making
Right to Withdraw Consent
Right of Complaint
Right to Judicial Remedy
Right to Compensation
We will respond to your request to exercise any of your rights without undue delay and within one month of your request. If this is not possible due to the complexity or number of the request(s), we will let you know and may extend the timescale up to a total of three months in certain circumstances.