Data Protection

The Data Protection Act 1998 applies to living individuals only. Amongst other rights it gives you the right to know what information is held about you by the Council. It is also designed to ensure that the Council protects personal data about living individuals (data subjects). Data Protection exists to strike a balance between the rights of the individual to privacy and the ability of the Council to carry out its business.

Surrey Heath Borough Council takes its role and responsibilities as a data controller (the people who decide what personal data should be processed and why) very seriously and makes every effort to manage personal or sensitive personal data in line with the Data Protection Act 1998 and Guidance on Data Handling.

The Data Protection Policy must be followed by all members of staff and Council members.


1. What is personal data?
Personal data is information which can identify a living individual. This can include name, address, council tax reference number etc. This can be for employees, customers, suppliers and business contacts.

2. Why do you hold personal information about me?
We provide a wide range of services to the Community including Council tax collection, council tax and housing benefits, electoral registration, land charges and licensing and car parks. We need information about you so that we can provide the services you need and for us to maintain records of these services. We will only keep the data for as long as is required. The data collected is used for many different purposes including

  • performance monitoring
  • budget data
  • statistics

3. Who is the information shared with?
Information may be shared with other agencies involved in the provision of services to you and between departments of the authority, where you have agreed to this and where we are legally required to do so. Further details can be found in the Fair Processing Statement. Surrey Heath Borough Council is a signatory of the Surrey Multi Agency Information Sharing Protocol. Further details can be found on Surrey County Council's website

4. What is Surrey Heath's Information Charter?
The Information Charter contains the standards you can expect when we ask for, or hold your personal information. It also covers what we ask of you, to help us keep information up to date.

5. What is a Data Security Breach?

Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data. In December 2014 the Full Council approved a policy and procedure which the Council and its staff will follow in the case of a breach of data security. The Information Governance Manager keeps a log of any incidents.

6. What rights do I have under the Act?
The Act gives you a number of rights.

  • you are allowed to find out what information we hold about you on computer and in some paper records
  • you can ask for a copy of the information
  • to ask for incorrect data to be corrected or destroyed
  • the right not to use your personal information for direct marketing
  • the right to prevent your personal data being processed if the processing will cause you or somebody else any unjustified damage or substantial distress

7. Can I see information about other people?
No, you cannot see information about another individual, even if it is a member of your family, unless they have given their permission or you can prove you are their legal guardian or have Power of Attorney. If there is information about a third party in your documents it will be taken out, unless it has been provided in an official capacity

8. How do I make a request for information and how much does it cost?
An individual is known as a Data Subject according to the Act. A request for information is called a Data Subject Access Request and the application form to use is below. You may if you wish, appoint someone else to apply on your behalf such as a parent/guardian or solicitor but require authorisation from you for this to happen. At the bottom of the form there is an area for them to sign. Please provide as much information as possible so that we can locate your information. The fee for a Data Subject Access request is £10. Cheques should be made payable to Surrey Heath Borough Council.

9. Where should I send my request to and get further information?

Mrs Geraldine Sharman
Information Governance Manager
Surrey Heath Borough Council, Surrey Heath House, Knoll Road, Camberley GU15 3HD

10. How long will it take for me to receive my information?
On receipt of a completed application form and payment, you will receive an acknowledgement and indication of by when you will receive a reply which will be within the 40 day statutory period.

11. What happens if I feel that the Council has breached the Act?
You can contact to the Council's Information Governance Manager who will deal with your request in the first instance. Details about the Councils Complaints system

12. Is any of my information disclosed or made available to a person overseas?
We do not pass any information outside of the UK.

13. Where can I get further information on the Data Protection Act?
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 01625 454 700