Data Protection and Subject Access Policy

5. Council staff with Data Protection responsibilities

5.1 All queries about this council policy should be directed to the Data Protection Officer.

5.2 Requests for a subject access request should be made to the Information Governance Team. InformationGovernance@wiltshire.gov.uk (opens new window)

5.3 See also Section17 Right of Access to Personal Data for more details.

6. Data Protection Principles

6.1  The council, as a Data Controller, must comply with the six Data Protection Principles set out in the GDPR. In summary, these state that personal data shall be:

a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f)  processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

6.2 The Council is responsible for, and must be able to demonstrate compliance with the above principles.