Data Protection Act
What is Data Protection?
The purpose of the data protection legislation is to protect people's personal information from misuse by placing controls on organisations and people who handle personal information. The legislation is the Data Protection Act 1998 (DPA).
The DPA covers all processing of personal data which includes the collection, storage, use and disclosure of personal data. The Council must comply with the DPA in respect of all the personal information that it holds about individuals whether they are an employee, elected member or a member of the public.
The eight principles
The Data Protection Act states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection.
Definitions
The DPA contains a number of terms. The key ones are defined below.
Personal data - Personal data is data about a living individual who can be identified from that data alone or from that data and any other data which the Council holds or is likely to hold in the future.
Sensitive Personal Data - Personal data which contains information with regards to:
- racial or ethnic origin
- political opinions
- religious or similar beliefs
- membership to a trade union
- physical or mental health
- sexual life
- commission or alleged commission of an offence
- legal proceedings or sentencing for any offence.
Data Controller - Is the person or organisation that determines what personal data is used for and how it is processed. The Council is a data controller.
Data Processor - Is a person or organisation which processes personal data on behalf of the data controller but does not decide how the data is used.
Data Subject - An individual who is the subject of the personal data.
Processing - Processing is very broad it includes all actions in relation to personal data such as collecting, recording, holding, organising, adapting, altering, retrieving, consulting, using, disclosing, storing, erasing, destroying, blocking, and disseminating.
How can the public access information held about them?
The act allows members of the public to find out what information we hold about them. This is known as the Right of Subject Access and can be exercised by submitting a Subject Access Request.
The act entitles the individual to receive the following information: -
- a description of the data;
- an explanation of why the data is being held;
- an explanation of who the data may be given to;
- a copy of the data with any technical terms explained;
- an explanation as to the source of the data
- an explanation as to how (if any) automated decisions taken about them have been made.
If you wish to make a Subject Access Request, you must:
- make your request in writing, preferably using the Subject Access Request Form which can be downloaded below. This will allow us to locate the information you require and confirm your identify.
- pay a fee of £10 (there is no charge for students, pensioners, staff, benefit claimants and those on income support). Please provide suitable evidence in support of this.
We will respond to your request within the statutory 40 calendar days.
Subject Access Request - Application Form 
(PDF: 77KB)
Further information
Governance Officer
Corporate Governance
London Borough of Barnet
North London Business Park
Building 4
Oakleigh Road South
London N11 1NP
Tel: (020) 8359 2029
email: data.protection@barnet.gov.uk
Email this pageLast modified by: Lucy Wicks on 18/02/2011