Data Protection Legislation means the General Data Protection Regulation (EU) 2016/679) (GDPR), the Data Protection Act 2018 (DPA18) and all applicable laws and regulations relating to processing of personal data and privacy including, where applicable, the guidance and codes of practice issued by the Information Commissioner.
The Act contains six data protection principles with an overarching accountability responsibility for data controllers to demonstrate compliance with these principles. This means personal data must be processed:
- Lawfully, fairly and transparently
- For specified, explicit and legitimate purposes and not processed in a manner other than the purpose it was collected
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Not kept longer than necessary
- With the appropriate security and protection
Personal data shall not be transferred to countries that do not have an adequate level of data protection. All processing of personal data must be in accordance with the data subject's rights. These include:
- The right to be informed
- The right of access
- The right to rectification
- The right to be forgotten
- The right to restrict processing
- The right to data portability
- The right to object
- The rights in relation to automatic decision making and profiling
- The right to lodge a complaint with the supervisory authority
Further information on how Dover District Council processes and protects your personal information in line with data protection legislation can be found in the links at the bottom of this page.
How to request access to your personal data
You have the right to obtain from us, confirmation as to whether or not personal data concerning you is being processed, and have access to the information we hold. If you would like access to the personal information held about you please make a 'Subject Access Request', which we will respond to within 30 calendar days.
You can exercise any of your data protection rights listed on this page under GDPR Article 15 to 22 by emailing our data protection team at email@example.com
Who is entitled to personal information?
Personal information will only be given to an individual whose data we are processing, identification will be required before we respond to your request. Requests for information about a person other than yourself will be rejected except for the following circumstances:
- If you are a parent of a child under 13, you may request information about your child, but there is no automatic right to your child’s personal data
- A solicitor may request information on your behalf.
What is the process?
Complete the form and send it to the Data Protection Officer (DPO) with proof of identification as requested on the form;
The DPO checks the validity of the request, agrees the scope of the search and sets the 30 day time period when satisfied:
You are sent the results of the review, or in the case of an exceptional number of documents, you may be asked to attend the office to view the documents.
If you are unhappy with the outcome of the review, you can request an assessment of your case by the Office of the Information Commissioner
National fraud initiative
To enable us to tackle fraud and serious crime, all or part of the personal information provided to us by our customers may be disclosed or supplied to external organisations or bodies.
Associated Council Documents/Links
Tel: 01304 872318