Skip to content

Data Protection

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

How data protection works

Processing personal information

The Data Protection Act states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  1. Fairly and lawfully processed (used, stored and destroyed)
  2. Processed for limited purposes
  3. Adequate, relevant and not excessive
  4. Accurate and up to date
  5. Not kept for longer than is necessary
  6. Processed in line with your rights
  7. Secure
  8. Not transferred to other countries without adequate protection.

Individual rights

The second area covered by the Data Protection Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

If you feel you are being denied access to personal information you can contact the Information Commissioner for help.

Requesting your information

You can make a 'Subject Access Request' by a written or emailed request.

There is a fee of £10 and you will be asked to prove your identity and address in order for us to complete your request. Once everything is received, you can expect a response within 40 working days.