Toggle menu

Guildford Borough Council and your data

padlock blue

Collecting and using your personal data

Data Protection law sets out legally binding principles for the good handling of personal data about living individuals.

Our policy sets out the standards all Council services must keep to. Each service head makes sure they use personal information lawfully.

We need to collect and use information about people who use our services, including members of the public, clients and customers, current, past and prospective employees and suppliers.

We are also legally required to collect and use information for laws regulating services such as:

  • council tax
  • benefits
  • electoral registration

This can include information about people other than the person applying for a benefit or service. For example to assess Housing Benefit we need information about everyone living in the property. This is to work out how much should be paid.

This personal information must be collected, used and disposed of properly and securely whether it's:

  • on paper
  • in a computer
  • or recorded on other material

Data protection requirements

Data Protection law requires personal information to be:

  1. Processed fairly and lawfully and not processed unless specific conditions are met.
  2. Obtained only for one or more specified and lawful purposes, and not further processed in any manner incompatible with that purpose.
  3. Adequate, relevant and not excessive in relation to the purpose for which it's processed.
  4. Accurate and, where necessary, kept up to date.
  5. Not kept for longer than is necessary.
  6. Processed in accordance with the rights of data subjects under the law.
  7. Protected against unauthorised or unlawful processing, accidental loss, destruction or damage by the use of technical and organisational measures.

Our data protection commitment

We are committed to:

  • Observing conditions regarding the collection and use of information.
  • Specifying the purposes for which the information is used.
  • Collecting and processing information only to the extent needed to fulfil operational/service needs or to keep to legal requirements.
  • Ensuring the quality of information used.
  • Determining the length of time information is held.
  • Ensuring people's rights can be fully exercised under the law. These include the right to:
    • be informed that processing is being undertaken
    • have access to one's personal information
    • prevent processing in certain circumstances
    • correct, block or erase information which is regarded as wrong information
    • Taking appropriate technical and organisational security measures to safeguard personal information.
    • Ensuring that personal information is not transferred abroad without safeguards.

We ensure that:

  • The Data Protection Team takes responsibility for data protection in the organisation.
  • Staff managing and handling personal information are appropriately trained and supervised.
  • Queries about handling personal information are promptly dealt with.
  • Methods of handling personal information are regularly assessed and evaluated.
  • Performance in handling personal information is regularly assessed and evaluated.

For more information, please contact The Data Protection Team or visit the Information Commissioner's website. (opens new window)

On this website Data Protection Law refers to the General Data Protection Regulation and  the Data Protection Act 2018

Cyber Essentials