Rights for data subjects
The data protection legislation includes extensive rights for individuals and requires organisations holding personal data to comply with a strict set of rules.
Data subjects have the following rights in certain circumstances:
- the right to correction of your data
- the right to erasure (the right to be forgotten)
- the right to restrict processing
- the right to object to processing
If we are processing your data on the basis of your consent, this must be explicit, freely given and non-ambiguous, you may also withdraw your consent at any time.
See more information on your individual rights under GDPR and the Data Protection Act 2018.
Accessing your records
There are new rules for if you wish to exercise your right to access any records we may hold about you.
Privacy notices provide information on how we may use your personal information and your rights in accordance with new legislation.
Mandatory breach notification
In certain circumstances organisations will have to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered. If the disclosure has serious implications for any individuals, they will have to be informed as well.
Find out more about how we report data breaches.
Privacy by design
Organisations should design data protection into development of business processes, new systems and undertake data protection impact assessments (DPIAs).
Read more about privacy notices.
Data protection officers
A designated post of data protection officer (DPO) is strategically responsible for GDPR.
Our DPO is Jane Lakin.
More background information is available in the GDPR guidance attached to this page.
Data Protection Officer
Derbyshire County Council