Data protection legislation (General Data Protection Regulations and the Data Protection Act 2018) gives you certain rights, including the right to access your personal data, and places legal responsibilities on organisations (such as the council) who process personal information about you.
Data protection legislation says that organisations processing personal information must be open about how it is to be used.
There are 6 data protection principles and by law the council is required to comply with these principles and be able to demonstrate that it does so.
The council's data protection policy sets out how the council aims to comply with its obligations under data protection law, including the 6 principles.
There is also a guide to data subject rights which provides information on the rights that individuals have in respect of their personal data.
- Guide to subject access rights (pdf 568 kb)
How do I request information?
You have the right to apply for a copy of the personal information we hold about you under the Data Protection Act.
The easiest and often quickest way to make a request is by completing the following form. Whilst you don’t have to use our form, it does help us to locate the information you are looking for and verify your details quickly and easily.
- Application for access to personal information (word 38 kb)
What happens after I request access to my information?
We will work with you to make the request reasonable, so you can access the information which is most important to you.
We will ask questions to identify what information you require and what your working and business connections are to it.
We may also ask you to provide further proof of identification. It is important that we do not send personal data to someone pretending to be you, so please do not be offended if we ask for ID.
In all cases, we are required to respond within 1 month of receiving your full request, either with the information required, or with an explanation of any delays.
What can we tell you?
You are entitled to be told whether we are using your personal data, or someone is doing so on our behalf.
You can then be given a description of the data involved; why it is being processed; who it may be disclosed to; the source of the information and the logic behind processing the information.
If no data is held, or the data falls into a category which is exempt from disclosure, you will be notified in writing.
What can’t we tell you?
We may not be able to release some data to you, such as personal data which could prejudice the prevention or detection of crime; legal advice we have been given, or personal data identifying another person without their permission.
We’re not obliged to comply with a request which simply states "I want everything the council holds on me.”
We will also not discuss other people’s details with you, without written and signed authorisation from that person if they are not present.
To discuss someone else's details with you, we will need this signed permission, or a valid legal document such as a power of attorney.
How to report a data breach
To report a data breach, please email firstname.lastname@example.org or write to: Data Protection Officer, East Hampshire District Council, Penns Place, Petersfield, Hampshire, GU31 4EX.
Times we may give your information away
Sometimes we can, or have, to release information about you to our partners, or other professional organisations.
Solicitors may request information for legal proceedings, or the police may make a request to prevent or detect crime.
You can find out how we process personal data by reading our privacy notice.
We currently do not charge for crime requests, but we make a £80 administration charge for requests for legal proceedings.
Access to CCTV footage
You can apply for CCTV footage of you to be released under the Data Protection Act.
Reasons for footage to be released include to assist with criminal proceedings, or to resolve insurance claims after road accidents.