The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of, it must be done within the terms of the General Data Protection Regulation (GDPR).
For more information on GDPR, please visit the Information Commissioner’s Office website.
For information on how the Council uses personal information please take a look at our Privacy Statements.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
- Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (individual)
- Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date
- Storage limitation: Personal data shall be kept in a form which permits identification of data subjects (individuals) for no longer than is necessary for the purposes for which the personal data are processed
- Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures