Home > Your council > Access to information > General Data Protection Regulation and Data Protection Act

General Data Protection Regulation and Data Protection Act

The General Data Protection Regulation and Data Protection Act 2018 became law on 25 May 2018.

It gives us the responsibility of handling your data securely and ensures that we do not disclose it to other people or organisations without meeting legal conditions that protect your privacy. For example, in some circumstances we may need to ask your permission first.

The Act calls users of personal data ‘data controllers’. Data Controllers, such as the district council, must work within the requirements of the Act when obtaining and using information about you. The Information Commissioner regulates the Act and maintains a public register of data controllers. Detailed information about the Act can be found on the Information Commissioner’s website.

Our Data Protection Policy

We regard the lawful and correct treatment of personal data as vital to maintaining the confidence of the many individuals we deal with. We will treat personal data lawfully and correctly and will comply with the General Data Protection Regulation (GDPR), Data Protection Act 2018 and our Data Protection Policy.

What personal information do we hold?

We hold a wide range of information, some of which is personal.

We collect and hold certain personal data so we can provide you with the services you require. For example, we process data to:

  • Collect Council Tax and Business Rates
  • Collect rent
  • Deliver housing benefit
  • Provide a record of the services provided.

The Information Commissioner maintains a public register of data controllers. Each register entry gives details of the data controller and a general description of what the personal data held is used for.

What are your rights?

Your rights are detailed within the East Suffolk Privacy Notice.

Do we need your consent to use information about you?

Normally, personal data we hold about you has been collected for a specific purpose. However, occasionally consent may be required when using data for a different purpose from that for which it was gathered.

Positive consent is required for any discretional services that we provide to you.

All application forms and requests for your personal information explain why we require the information requested and whether or not we need your consent.

Accessing the information we hold

You can access the information we hold about you by making a Subject Access Request. Requests for information can be made by completing the relevant Subject Access Request form and returning it with identification. This service is free.

What are the rules about dealing with this information?

The General Data Protection Regulation and Data Protection Act 2018 aims to improve your rights.

The Act says that organisations collecting and holding personal information must be open and clear about how it is to be used and with whom it is shared.

Who is entitled to personal information?

As a Data Subject you have the right of access to the personal data held about you by your Council.

In general, personal information will only be given to an individual, and then only with appropriate identification. In addition, requests for information about a person other than yourself may be rejected except in some situations e.g.:

  • Parents may request information about a child under 16 but there is no automatic right to the data
  • A solicitor may request information on behalf of a client

Can I see all the information held by the Council about me?

We aim to provide as much information as we can.

How long will a request take?

Under the Data Protection laws, we must respond to your request within one month. This time period does not start until we have received all information required to process your request.

Complaints and Appeals

If you wish to complain about the way your request has been processed you must first complain to us through our complaints procedure. If you have followed our complaints procedure and are still not satisfied, then you can take your complaint to the Information Commissioner.

Information Security

All personal information held by us is kept securely and is only released in accordance with the General Data Protection Regulation and Data Protection Act 2018.

Partner organisations, contractors and any personal data processors must ensure that information security adheres to the Council's standards.

National Fraud Initiative and Data Matching

We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative; a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the General Data Protection Regulation and Data Protection Act 2018.

Data matching by the Cabinet Office is subject to a Code of Practice.

Further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information on data matching at the Council contact the Head of Internal Audit