The new law extends the rights of individuals and requires organisations holding personal data to comply with a new stricter set of rules.
The GDPR itself, which operates alongside the new Data Protection Act, came into effect on 25 May 2018.
As a result of the current pandemic we are prioritising essential services.
It means it may take longer for us to complete Freedom of Information Requests (FOIs), Environmental Information Regulation requests (EIRs), Subject Access Requests (SARs) and complaints.
The government has confirmed that councils can use discretion on deadlines for responding to requests for information.
The Information Commissioners Office (ICO) is informing people that they may face understandable delays as resources are diverted to other areas.
We're following the ICO's guidance and will keep people informed of any delays and respond as soon as resources allow.
We'll also be keeping up to date on guidance from the ICO as the situation changes to ensure that we comply with any changes or amendments to information rights practice.
We'll aim to treat the following as priorities:
- where information is relatively easy to locate and straightforward to process
- when the request relates to the council's discharge of statutory functions, or is high profile, or relates to a current consultation being carried out by the council
- when the requester has indicated a time sensitive response, such as needing information for court proceedings, meetings, or another significant deadline
During this time we'll acknowledge complaints but will not be able to give a specific response period. Complaints received will be prioritised depending on their content.
Please contact us online where possible. More details are available on our complaints procedure page.
Privacy notices provide information on how we may use your personal information and your rights in accordance with new legislation.
New rights for data subjects
The new rights are:
- the right to correction of your data
- the right to erasure (the right to be forgotten)
- the right to restrict processing
- the right to object to processing
If we are processing your data on the basis of your consent, this must be explicit, freely given and non-ambiguous, you may also withdraw your consent at any time.
Accessing your records
There are new rules for if you wish to exercise your right to access any records we may hold about you.
Mandatory breach notification
In certain circumstances organisations will have to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered. If the disclosure has serious implications for any individuals, they will have to be informed as well.
Find out more about how we report data breaches.
Privacy by design
Organisations should design data protection into development of business processes, new systems and undertake privacy impact assessments (PIAs).
Read more about privacy impact assessments, procedures and guidance.
Data protection officers
A designated post of data protection officer (DPO) will be strategically responsible for GDPR.
Our DPO is Jane Lakin. Our GDPR programme manager is Martin Stone.
More background information is available in the GDPR guidance attached to this page.
The key document being our guidance called 'A guide to the new data protection regime'. This covers the legal basis for processing personal data, advice on privacy notices, advice on consent and procedures for dealing with requests to access personal records and requests relating to individual's rights under the legislation.
Data Protection Officer
Derbyshire County Council