Guildford Borough Council Logo
Page content from http://www.guildford.gov.uk
  • default text size
  • medium text size
  • large text size
About the Data Protection Act


The Data Protection Act 1998 sets out legally binding principles for the good handling of personal information - that is, information about living individuals.

Our policy sets out the common standards all council services must keep to. Each service head must make sure they have 'detailed working procedures' for their service area showing how they make sure they use personal information legally.

Our Data Protection commitment
We need to collect and use certain types of information about the people we deal with so that we can provide council services. The people we deal with includes members of the public, clients and customers, current past and prospective employees, suppliers, and others people we communicate with. 

We are also legally required to collect and use certain types of information to keep to laws regulating council tax and electoral registration, for example.  This personal information must be collected, used and disposed of properly and securely - regardless whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998.

We believe the lawful and correct treatment of personal information is very important to the council's successful and efficient performance, and to building trust between the people we deal with and ourselves. We ensure that our organisation treats personal information lawfully and correctly.

To this end the we fully endorse the Principles of Data Protection, set out in the Data Protection Act 1998.
 
The Data Protection principles
Specifically, the Principles require that personal information:

  1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
  2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Shall be accurate and, where necessary, kept up to date
  5. Shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Shall be processed in accordance with the rights of data subjects under the Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The Standards Adopted
Therefore, Guildford Borough Council will, through management and strict controls:

  • Fully observe conditions regarding the fair collection and use of information
  • Specify the purposes for which the information is used.
  • Collect and process information, only to the extent needed to fulfil operational/service needs or to keep to any legal requirements.
  • Ensure the quality of information used.
  • Determine the length of time information is held.
  • Ensure people's rights can be fully exercised under the Act.  (These include:  the right to be informed that processing is being undertaken:  the right of access to one’s personal information; the right to prevent processing in certain circumstances; the right to correct rectify, block or erase information which is regarded as wrong information).
  • Take appropriate technical and organisational security measures to safeguard personal information.
  • Ensure that personal information is not transferred abroad without suitable safeguards.

In addition, Guildford Borough Council will ensure that:

  • There is someone with specific responsibility for data protection in the organisation.  (Currently, the Nominated Person is the Information Rights Officer).
  • Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice.
  • Everyone managing and handling personal information is trained to do so.
  • Everyone managing and handling personal information is appropriately supervised.
  • Anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, knows what to do.
  • Queries about handling personal information are promptly and courteously dealt with.
  • Methods of handling personal information are regularly assessed and evaluated.
  • Performance with handling personal information is regularly assessed and evaluated.

You can find more information and advice about data protection in general from the Information Commissioner's website (this page opens in a new window).

Information Rights Officer
Guildford Borough Council
Millmead House
Millmead
Guildford
GU2 4BB

Tel: 01483 444053
Email: iro@guildford.gov.uk

 

Page last modified on 18/09/2009
Address: Guildford Borough Council, Millmead House, Millmead, Guildford, Surrey, GU2 4BB Telephone: 01483 505050