
The Data Protection Act

The Data Protection Act 1998 gives you the right to see any data we hold on you (with a few exceptions) and to have it corrected if it is not accurate.

It gives us the responsibility of handling your data securely and ensures that we do not disclose it to other people or organisations without meeting legal conditions that protect your privacy. For example, in some circumstances we may need to ask your permission first.

The Act calls users of personal data ‘data controllers’. Data controllers, such as the Councils, must work within the requirements of the Act when obtaining and using information about you. The Information Commissioner regulates the Act and maintains a public register of data controllers. Detailed information about the Act can be found on the Information Commissioner’s website.

Our Data Protection Policy

We regard the lawful and correct treatment of personal data as vital to maintaining the confidence of the many individuals we deal with. We will treat personal data lawfully and correctly and will comply with the data protection principles as set out in the Data Protection Act and our Data Protection Policy.

What personal information do we hold?

We hold a wide range of information, some of which is personal.

We collect and hold certain personal data so we can provide you with the services you require. For example, we process data to:

  • Collect Council Tax and Business Rates
  • Collect rent
  • Deliver housing benefit
  • Provide a record of the services provided.

The Information Commissioner maintains a public register of data controllers. Each register entry gives details of the data controller and a general description of what the personal data held is used for.

Register entries for all the personal data we hold:

What are your rights?

Your rights under the Act are:

  • To ask what personal information we hold about you;
  • To be given a copy of the information (a £10 charge is payable);
  • To be given details about the purposes for which we use the information and of other organisations or persons to whom it is disclosed;
  • To ask for incorrect data to be corrected;
  • To ask us not to use personal information about you for direct marketing, which is likely to cause damage or distress.

Do we need your consent to use information about you?

Normally, personal data we hold about you has been collected for a specific purpose. However, occasionally consent may be required when using data for a different purpose from that for which it was gathered.

Consent is not required where we are obliged under law to assist in the prevention and detection of crime or where the information is required to perform a statutory function such as collection of Council Tax.

All application forms and requests for your personal information explain why we require the information requested and whether or not we need your consent.

Accessing the information we hold

You can access the information we hold about you by making a Subject Access Request. Requests for information can be made by completing the relevant Subject Access Request form and returning it with two forms of ID and the fee of £10.

What are the rules about dealing with this information?

The Data Protection Act 1998 gives you certain rights, and also places legal responsibilities on the councils which hold and process personal information about you.

The Act says that organisations collecting and holding personal information must be open about how it is to be used and must adhere to the eight principles of the Data Protection Act, which state that personal information must:

  • Be processed fairly and lawfully;
  • Only be obtained and processed for specified and lawful purposes;
  • Be adequate, relevant for the purpose, and not excessive;
  • Be accurate and where necessary kept up to date;
  • Not be kept longer than is necessary;
  • Be processed in accordance with the rights of the data subject;
  • Be kept secure;
  • Not be transferred to other countries without adequate protection for the rights and freedoms of the data subject.

By law the Councils are required to follow these rules.

Who is entitled to personal information?

As a Data Subject you have the right of access to the personal data held about you by the Councils on a computer and in any structured / unstructured manual paper files.

In general, personal information will only be given to an individual, and then only with appropriate identification. In addition, requests for information about a person other than yourself will be rejected except for the following common situations:

  • Parents may request information about a child under 16 but there is no automatic right to the data;
  • A solicitor may request information on behalf of a client.

Can I see all the information held by the Council about me?

We aim to provide as much information as we can. However, there may be some exemptions to the release of this information; if this is the case, we will let you know.

How long will a request take?

Under the Data Protection Act, we must respond to your request within 40 days. This time period does not start until we have received all information required to process your request.


There is a fee of £10 for subject access requests, as determined by the Data Protection Act.

Complaints and Appeals

If you wish to complain about the way your request has been processed you must first complain to us through our complaints procedure. If you have followed our complaints procedure and are still not satisfied, then you can take your complaint to the Information Commissioner.

Information Security

All personal information held by Suffolk Coastal District Council and Waveney District Council is kept securely and is only released in accordance with the Data Protection Act.

Correcting the data we hold

If you believe the data we hold about you is incorrect or that there is information that we have not supplied, you must contact us within 21 days of receiving our response to your request.

If we don’t agree that the information is incorrect, you can appeal using the Councils’ normal complaints procedure.

You can also appeal to the Information Commissioner’s Office if we do not correct the data you ask us to.

National Fraud Initiative and Data Matching

We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Cabinet Office is subject to a Code of Practice.

Further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information on data matching at Suffolk Coastal and Waveney District Councils contact the Head of Internal Audit at dataprotection@eastsuffolk.gov.uk