Where can I find the Data Protection policy?
You can find our Data Protection policy here.
To support our Data Protection policy, we have a set of documents that provide further information on how we report data incidents, and how we assess their impact.
- Data Incident Reporting Policy
- Data Incident Impact Assessment Guidance
What is Data Protection?
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
What are my rights around Data Protection?
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances
You also have rights when an organisation is using your personal data for:
- automated decision-making processes (without human involvement)
- profiling, for example to predict your behaviour or interests