The Data Protection Act gives legal rights to individuals (data subjects) in respect of personal data held about them.
Purpose of the act
The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.
This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.
They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Data Protection Commissioner for an assessment to be made of the data controller if they feel that the act has been contravened.
The act places obligations on those who record and use personal data (data controllers). They must be open about the use of such personal data through notification to the Information Commissioner and they must follow sound and proper practices by applying the Data Protection Principles.
Accessing your Personal Information - Subject Access Request (SAR)
What is a Subject Access Request?
Under the Data Protection Act 1998 an individual has the right to request all personal data that a Data Controller (organisation) holds about them by making a subject access request. The Data Protection Act gives Data Controllers 40 calendar days to complete a subject access request. This time starts from when the Council receives a clear request and enough identification to be sure that the request is from the data subject. Once this information has been received the Customer Relations Team will contact you to acknowledge that the 40 day period has started.