This website uses cookies to give you the best online experience. If you'd like to know more please read our cookie policy
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
Click on a Council below to view its Privacy Policy.
East Hampshire District Council
This is the “appropriate policy document” for the Councils that sets out how the Councils will protect special category and criminal convictions personal data.
It meets the requirement at paragraph 1 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection.
It also meets the requirement at paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be processed for reasons of substantial public interest are set out at paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018.
Article 5 of the General Data Protection Regulation sets out the data protection principles. These are the Councils procedures for ensuring that they comply with them.
Principle 1
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
The Councils will:
Principle 2
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
The Councils will:
Principle 3
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The Councils will only collect the minimum personal data that they need for the purpose for which it is collected. The Councils will ensure that the data they collect is adequate and relevant.
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
The Councils will ensure that personal data is accurate, and kept up to date where necessary. The Councils will take particular care to do this where their use of the personal data has a significant impact on individuals.
Principle 5
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The Councils will only keep personal data in identifiable form as long as is necessary for the purposes for which it is collected, or where they have a legal obligation to do so. Once they no longer need personal data it shall be deleted or rendered permanently anonymous.
Principle 6
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Councils will ensure that there is appropriate organisational and technical measures in place to protect personal data.
Accountability principle
The controller shall be responsible for, and be able to demonstrate compliance with these principles.
The Councils will:
The Councils will ensure, where special category or criminal convictions personal data is processed, that: