Save time, do it online: Pay Apply Report

Data Protection overview

There are times in which we collect and use information when carrying our our work at the council. We only collect, store use or disclose personally identifying information in very specific instances, these are explained in our Privacy Policy.

We maintain a formal registration under the Data Protection Act 1998 that permits us to hold and process personal data. Data provided to the council through our services including this website may be used for any of the Council's statutory purposes.

The Data Protection Act 1998 applies to the processing, holding and deletion of personal data that identifies a living individual. It applies to personal data regardless of the format in which the data is held in, i.e. it applies equally to paper
and electronic records.

The Data Protection Act confers enhanced rights of privacy on the individual and certain obligations on the Data Controller, i.e. the body processing the personal Data. There are eight data protection principles and an individual has
the right to request to see their own information. 

What are the key features of the Data Protection Act?

  • It imposes rules for organisations in the collection, processing, storage, retention and destruction of personal information
  • It protects all recorded personal information (paper and electronic)
  • It gives improved privacy rights to all individuals
  • It is enforced and promoted by the Office of the Information Commissioner

What are the eight data protection principles?

Personal Data must:

  1. be processed fairly and lawfully
  2. be for a lawful and specific purpose
  3. be adequate and relevant and not excessive for the purpose
  4. be accurate and kept up to date
  5. be kept for no longer than necessary
  6. be processed in accordance with subject rights
  7. be kept securely so as to prevent unauthorised access, damage, loss etc
  8. not be transferred outside of European Economic Area without adequate protection being ensured

What are an individual’s rights?

These rights include:

  • The right to access your own information (subject access)
  • The right to prevent processing for the purpose of direct marketing
  • The right to prevent processing likely to cause damage and distress
  • Rights in relation of automated decision making
  • Compensation for failure to comply with the Act
  • The right to request the correction, blocking, erasure and destruction of incorrect information
  • Rights to ask the Information Commissioner to investigate contravention of the Act.

 

Our Data Protection Policy states how we use and store information including customer data.

How do you ask to see your information?

A request to see your own information is called a Subject Access Request.

When asking to see your own information you must provide:

  • your name and address
  • details of the service(s) you are receiving
  • any other information such as date of birth, gender, householder status (eg tenant, owner) you think may help us find your information.  If you have any difficulty with the form, help will be provided. 

Requests must be responded to in more than 40 days from receipt of the request. The Council may charge a fee of up to £10 for responding to a subject access request. Proof of identity may be required.

In principle individuals have a right to be given a copy of all the information contained in their files.

The main exceptions are:

  • If the information on a file identifies other people, ie, That information will be removed unless the third parties have agreed to the disclosure
  • If the disclosure of the information risks serious harm to the physical or mental health of the data subject/ any other person
  • If the individuals entitled to access has expressly asked that some or all of the information should not be disclosed (e.g. to the agent acting on their behalf) or if a third party have provided information on the assumption that it will not be disclosed
  • If it would hinder the prevention and detection of crime or the prosecution or apprehension of offenders to provide the information

When asking to see your own information you must provide:

  • your name and address
  • details of the service(s) you are receiving
  • any other information such as date of birth, gender, householder status (eg tenant, owner) you think may help us find your information.  If you have any difficulty with the form, help will be provided. 

You can also contact us if you think any information about you is inaccurate, incomplete, or if you want to change the sort of information about you that we may have collected.

To make a subject access request either:

The Data Protection Officer
South Lakeland District Council
FREEPOST NAT18106
Kendal
LA9 4BR

How do I manage and safeguard my personal Information?

The Information Commissioner's Office has recently published advice and guidance for members of the public on how to manage and safeguard their own personal information. A Personal Information Toolkit is available directly from the Information Commissioner's website.

What does the Data Protection Act mean for the Council?

In order to fulfil its functions there is a need to collect and use information about people with whom it works, ie, service users, employees, members of the public, suppliers etc. As South Lakeland District Council is a Data Controller it needs to notify the Information Commissioner the purposes for which it collects information. Failure to notify is a criminal offence. It is also needs to ensure that the handling of personal information complies with the Data Protection Principles.