Thanet District Council Data Protection Policy
Thanet District Council provides a wide range of services to many people. The Council may record information about you and the services that you receive.
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (“GDPR”) is a Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 that is designed to protect personal data and enhance individual rights. This covers information about any natural person, no matter how it is used, what it is used for or who uses it. It comes into force on 25 May 2018.
What of the Data Protection Act 2018?
The Data Protection Act 2018 (the “Act”) replaces the Data Protection Act 1998. Its main provisions will commence on 25 May 2018. The Act aims to update the data protection laws to ensure they are fit for purpose in the years to come. The new Act supplements the GDPR.
How does the GDPR and Act protect personal data about you?
The GDPR and Act sets rules and conditions which organisations must obey when obtaining and processing information about you. They also provide you with certain rights, which must be respected.
What are your rights to accessing your personal records under the GDPR?
Your rights to access your personal record would depend on the legal basis the council obtained, and is processing your data. The Council provides a wide range of services and relies on different legal bases under the GDPR for processing personal data. Bearing these in mind, you have the following rights:
- You have the right to ask the council whether it holds personal information about you;
- To be given a description of the personal data, any available detail as to the source of that information, details about the purposes for which the council uses the information or may be processed and the persons or classes of persons to whom the data has been or may be disclosed;
- To be told the envisaged period for which the data will be stored or, if not possible, how it will be decided when it will be destroyed;
- You have the right to erasure which is also known as the ‘right to be forgotten’. This enables you to request the deletion or removal of personal data where there is no compelling reason for its continued processing by the council;
- You may request that the council stops processing your personal data in relation to specific council service. When processing is restricted, we are allowed to store the personal data but not further process it;
- You have the right to object to processing in certain circumstances. We must stop processing the personal data unless we can demonstrate compelling reason for the processing, which override the public interests, your personal interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims by/against council;
- You the right to withdraw consent at any time. But do note that if you withdraw your consent it may be that another reason for processing can be relied on by the council such as public interest;
- You are entitled to request access to and a copy of any information we hold about you;
- If you find that the information the council holds about you is no longer accurate, you have the right to ask to have this corrected; and
- You have the right to see CCTV images of yourself and be provided with a copy.
Why does the Council keep personal information?
So that the Council can provide you with the services you require. For example, the Council administers council tax, benefits, planning and housing services and needs to maintain a record of the services provided.
Anyone with whom the Council has contact may need to give some basic information about themselves, and their personal and family circumstances. Some people also have to give information about their financial situation. This information is put into a file. Other information can be added, for example, if the Council receives information from a doctor or teacher. The file will also include information that you and the relevant service have talked about.
Does the Council need your consent to use information about you for any of these purposes?
In some circumstances we will ask and rely on your consent to use your personal information. However, there are some situations where the law requires us to use information without your consent.
How do you ask to see information about you?
When you want to see your records you need to:
- Write to the Information Governance Team at the address at the end of this guidance.
- Or complete a Subject Access Request Form and send to the Information Governance Team.
- Provide the Council with proof of your identity, and proof of your address and details of the information you require.
- The request is free of charge in most cases. However, in some cases such as where the request is manifestly unfounded or excessive, or where you request for additional copies of your data following an initial request, we may charge a “reasonable fee” for administrative costs.
What information will you receive?
You are entitled to:
- Copies of information that the Council holds about you on both computer and paper records.
- A description of the purposes for which the Council uses your information.
- A list of others who may have seen the information. This will be provided within one calendar month, from the day after we receive the request until the corresponding calendar date in the next month. However, we can extend the time to respond by a further two months if the request is complex or where we have received a number of requests from you. Where this is the case, we will let you know within one month of receiving your request and explain the reason for the extension.
Is there any information that you cannot see?
Information is given to the Council by lots of different people and sometimes this information is given in confidence. The Council must respect the wishes of these people and therefore would need to ask their consent to release this information to you.
Confidential information can include that given to the Council by doctors, the police, teachers and members of the public. The Council can only withhold information according to exemptions in the laws. For example, Data Protection Act 2018 states that we do not have to comply with your request where it is decided that complying would mean disclosing information about another individual who can be identified from that information.
Can other people see your file?
Other people, including members of your family, cannot see your file without your agreement. Likewise, you cannot see information about members of your family without their permission. However those with parental responsibility may see the files of those children who are not of an age to have an understanding of their files. This is on the understanding that the child has not given information that they expect to be kept confidential.
How will you be given the information?
You are entitled to be given a copy to keep and check for accuracy. This will either be a printout from a computer, a photocopy of the paper records or in electronic format if you prefer.
What if you think the information is wrong?
If you think any information recorded about you is wrong, you should inform a member of staff or tell the Council straight away. If the Council does not agree that the information is wrong, you can ask to record your disagreement on your records. You can also appeal to the Information Commissioner or through the courts if the Council does not correct the information. More details can be obtained by contacting the Information Governance Team at the address at the end of this guidance.
What do you do if you think you have not been given all of the information you asked for?
You can contact the Information Governance Team, appeal to the Council through its appeals and complaints procedure or you can appeal to the Information Commissioner. The Commissioner’s staff will look into the matter on your behalf.
What if the Council has breached the GDPR?
The Council is compelled by GDPR to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet. We will also notify you without undue delay, where the breach is of high risk.
If the Council has broken any of the rules or conditions established by the GDPR and the Act, and you have suffered damage or distress you may be able to claim compensation. You may also be able to claim compensation if the damage or distress was caused by the Council’s processing of your information. Claims are made through the Court. You must be able to prove that the Council had not taken reasonable care.
Please contact us through the help and support section below or alternatively, write to us at:
Information Governance Team
Thanet District Council
PO Box 9
Kent CT9 1XZ
Or email us at: firstname.lastname@example.org