Data Protection – Subject Access Request

The Data Protection Act 1998 requires organisations which handle personal data to collect; process and hold personal and confidential information securely and responsibly. This includes destroying the information safely when it is no longer required.

The Act sets out eight key principles:

• Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
• Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
• Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
• Personal data shall be adequate and, where necessary, kept up to date.
• Personal data shall not be kept longer than is necessary for that purpose or those purposes.
• Personal data shall be processed in accordance with the rights of data subjects under the Act.
• Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
• Personal data shall not be transferred to a country or a territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data.

Process/Procedure/Guidelines

To ensure compliance with the above data protection principles Lochgelly Community Council will:

  • Observe, fully, conditions regarding the fair collection and use of data.
  • Meet its legal obligations to specify the purposes for which data is used.
  • Collect and process appropriate data, and only to the extent that it is required to fulfil operational needs or to comply with any legal requirements.
  • Ensure the quality of the data used.
  • Apply strict checks to determine the length of time the data is held.
  • Ensure that rights of people about whom data is held can be fully exercised under the Data Protection Act. These include:
    • The right to be informed that processing is being undertaken.
    • The right to prevent processing in certain circumstances.
    • The right to correct, rectify, block or erase data which is regarded as incorrect.
    • The right of access to one’s personal data.

Subject Access Requests

The Data Protection Act also allows people to find out what personal information is held by organisations about them by making a Subject Access Request. A SAR can include electronic information and paper records. The organisation must provide the information within 40 calendar days (there are some exceptions to this).

Data Subjects who wish to make a SAR to Lochgelly Community Council will need to provide evidence of their identity. Detailed requests or multiple requests made over a short period of time, may incur a small charge (£10). Fees will be applied on a case by case basis.

A SAR can be made in writing to: Lochgelly Community Council, 47 Small Street, Lochgelly, KY5

Responsibilities

  1. Each Community Councillor has responsibility for ensuring that the information under their control is collected, processed and held in accordance with this policy and the Data Protection Act 1998.
  2. All Community Councillors with access to information have a responsibility to ensure that personal information is properly protected at all times.
  3. All users have a responsibility to report any observed or suspected breach of this Data Protection Policy or related information procedures and guidance.
  4. All incidents must be reported to the Secretary
image_pdfimage_print