Data Protection

Wealden District Council provides a wide range of services to many people and to provide those Services, the Council may record information about you and the services that you receive. In keeping our records, we are obliged to comply with:

General Data Protection Regulations 2016 (GDPR)

The General Data Protection Regulation (“GDPR”) is a Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 that is designed to protect personal data and enhance individual rights. This covers information about any natural person, no matter how it is used, what it is used for or who uses it.

Data Protection Act 2018 (DPA)

The Data Protection Act controls how your personal information is used and is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation

How does the GDPR and DPA protect personal data about you?

The GDPR and DPA sets rules and conditions which we must obey when obtaining and processing information about you. They also provide you with certain rights, which must be respected.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information the Council holds about you. This includes the right to:

  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
    stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests

For further information about your rights and how you can exercise them, please view our Data Subject Access Rights web page.