West Lancashire Borough Council has a robust approach to data protection and we're proud of our track record.
On Friday 25th May 2018, the GDPR came into force. The following pages are designed to help you understand this change in law and how it affects you:
The GDPR and Data Protection Act 2018 (‘DPA’) have brought enhanced requirements on how the Council handles your personal data. The GDPR is a new European law which, together with the DPA, gives you more control over your data.
The Information Commissioner has provided a helpful guide to the General Data Protection Regulation.
The GDPR and DPA apply only to ‘personal data’, which is anything that can identify a living person, either directly or indirectly.
Special categories of personal data reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or is about sex life or sexual orientation or health, including genetic and biometric data. The Council now needs to comply with more safeguards when processing these kinds of data.
The rights that you have about how your personal data is handled and stored by the Council have been changed and enhanced.
The GDPR ensures that any personal data we hold must be:
The GDPR also places obligations on the Council to demonstrate how we are complying – see 3. What has the Council done about the GDPR? for more information on this.
Under the GDPR, the Council must have a Data Protection Officer who is responsible for assisting on data protection matters and available to contact by members of the public.
Our Data Protection Officer can be contacted at firstname.lastname@example.org or on 01695 58 5161.
The Council is committed to ensuring that we comply with the GDPR and has carried out the following to demonstrate this commitment:
Staff training has been rolled out across the Council.
An audit of all the data the Council collects and holds has been carried out to ensure all the actions needed to ensure compliance are noted and carried out
Detailed privacy notices are issued each time we gather new data to inform you of how we will handle your data and your rights. These will be provided by the Section which collected the data and will link to our Corporate Privacy Notice.
We have amended our contract clauses to meet the GDPR standards and will require all contractors and third parties to demonstrate that they meet the requirements for data handling too.
We have a large suite of internal Data Protection Policies and Procedures which have been reviewed and amended to reflect the changes under the GDPR and DPA.
You have the following rights under the GDPR:
Right to be Informed
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction
Right to Portability
Right to Object
Right to Object to Automated Decision Making
Right to Withdraw Consent
Right of Complaint
Right to Judicial Remedy
Right to Compensation
We will respond to your request to exercise any of your rights without undue delay and within one month of your request. If this is not possible due to the complexity or number of the request(s), we will let you know and may extend the timescale up to a total of three months in certain circumstances.