Search site

Your guide to data protection

In order to operate effectively, the City and County of Swansea Council (the authority) has to obtain certain types of information about persons working and residing in its area.

The information the authority holds on individuals, which identifies that individual is known as personal data; for example, Members, former and current and prospective employees, suppliers, clients/customers and information on an individual which the authority is occasionally required by law to provide to government departments.

The term personal data applies to any material which identifies a living individual for example photographs, CCTV footage, information held on computer disk and most paper records. To ensure that the authority handles personal data lawfully and appropriately it must comply with the Data Protection Act 1998 (the Act) and in particular the 8 Data Protection principles as set out in Part 1, Schedule 1 of the Act. The authority endorses and adheres to the Data Protection principles.

The Data Protection principles require that personal data:

  • Shall be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met
  • Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
  • Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
  • Shall be accurate and when necessary kept up to date
  • Shall not be kept for longer than is necessary for that purpose or those purposes
  • Shall be processed in accordance with the rights of the Data subject under the act
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data
  • Shall not be transferred to a country of territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data

As part of its commitment to maintaining public confidence and the successful operation of this policy, the authority will:

  • Ensure that there is a designated Data Protection Officer with specific responsibility for data protection
  • Ensure that employees handling personal data understand that they are contractually responsible for compliance with the data protection policy and are appropriately trained and supervised for these purposes
  • Formulate a data subject access request procedure for corporate use
  • Conduct a regular review, assessment, evaluation and audit of the way personal data is managed within the authority
  • Ensure that persons making enquiries about personal data are dealt with promptly and are appropriately advised of their rights and the Authority's procedure in making requests for personal data under the Data Protection Act, 1998

Subject access requests

Under the rights of subject access, an individual is entitled to find out what is being held about them.

Individuals are only entitled to their own personal data and not to information relating to other people (unless they are acting on behalf of that person). Neither are they entitled to information simply because they may be interested in it.

Individuals who makes a written request and pays a fee of £10 is entitled to be:

  • told whether any personal data about them is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and given details of the source of the data (where this is available).

On receiving the request, the City and County of Swansea have 40 days to comply with the request ensuring that they are satisfied to the identity of the person making the request. It may be necessary for the council to obtain further identification prior to disclosure.

To make a subject access request, please download, complete and sign the attached subject access request form and return it with the payment to:

The Complaints Team, Gloucester Room, The Guildhall, Swansea SA1 4PE.

Powered by GOSS iCM