Data Protection

The Data Protection Act 2018 and General Data Protection Regulation (often referred to as Data Protection legislation) applies to living individuals only. Amongst other rights it gives you the right to know what information is held about you by the Council. It is also designed to ensure that the Council protects personal data about living individuals (data subjects). Data Protection exists to strike a balance between the rights of the individual to privacy and the ability of the Council to carry out its business.
 
Surrey Heath Borough Council takes its role and responsibilities as a data controller (the people who decide what personal data should be processed and why) very seriously and makes every effort to manage personal or sensitive personal data in line with Data Protection legislation and Guidance on Data Handling.
 
Policies
The Data Protection Policy must be followed by all members of staff and Council members.
 
Questions
 
1. What is personal data?
Personal data is information which can identify a living individual. This can include name, address, council tax reference number etc. This can be for employees, customers, suppliers and business contacts.
 
2. Why do you hold personal information about me?
We provide a wide range of services to the Community including Council tax collection, council tax and housing benefits, electoral registration, land charges and licensing and car parks. We need information about you so that we can provide the services you need and for us to maintain records of these services. We will only keep the data for as long as is required. The data collected is used for many different purposes including
 
·         performance monitoring
 
·         budget data
 
·         statistics
 
3. Who is the information shared with?
Information may be shared with other agencies involved in the provision of services to you and between departments of the authority, where you have agreed to this and where we are legally required to do so. Further details can be found in How we use your data. Surrey Heath is part of a Surrey wide information sharing protocol and further information can be found here Surrey County Council - Data Sharing
 
4. What is Surrey Heath's Information Charter?
The Information Charter contains the standards you can expect when we ask for, or hold your personal information. It also covers what we ask of you, to help us keep information up to date.
 
5. What is a Data Security Breach?
 
Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data. In December 2014 the Full Council approved a policy and procedure which the Council and its staff will follow in the case of a breach of data security. The Information Governance Manager keeps a log of any incidents.
 
 
6. What rights do I have under the legislation?
The legislation gives you a number of rights.
 
·         Your right to be informed if your personal data is being used
 
·         Your right to get copies of your data
 
·         Your right to get your data corrected
 
·         Your right to get your data deleted
 
·         Your right to limit how organisations use your data
 
·         Your right to data  portability
 
7. Can I see information about other people?
No, you cannot see information about another individual, even if it is a member of your family, unless they have given their permission or you can prove you are their legal guardian or have Power of Attorney. If there is information about a third party in your documents it will be taken out, unless it has been provided in an official capacity
 
8. How do I make a request for information and how much does it cost?
An individual is known as a Data Subject according to the Act. A request for information is called a Data Subject Access Request and the application form and further information on making a subject access can be found here Subject access requests.  You may if you wish, appoint someone else to apply on your behalf such as a parent/guardian or solicitor but require authorisation from you for this to happen. At the bottom of the form there is an area for them to sign. Please provide as much information as possible so that we can locate your information.
 
 
9. Where should I send my request to and get further information?
 
Information Governance Manager
Surrey Heath Borough Council, Surrey Heath House, Knoll Road, Camberley GU15 3HD
 
10. How long will it take for me to receive my information?
On receipt of a completed application form and payment, you will receive an acknowledgement and indication of by when you will receive a reply which will be within a calendar month but if it is complex and/or voluminous it could be extended for up to 2 months.
 
11. What happens if I feel that the Council has breached the Act?
You can contact to the Council's Information Governance Manager who will deal with your request in the first instance. 
 
12. Is any of my information disclosed or made available to a person overseas?
We do not pass any information outside of the UK.
 
13. Where can I get further information on the Data Protection Act?
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 01625 454 700 www.ico.org.uk