Data Protection

To deliver our services we need to collect, store, use, share and dispose of personal information or data about individuals.

As of 25 May 2018, there are two new legislations that sets out how Dundee City Council handles and processes personal data about you. There are:

The underlying aims from the old 1998 Act remain the same. It gives data subjects (i.e. individuals about whom information is held) certain rights, including the right to access and receive a copy of the information held about them. The Act also required data controllers (i.e. bodies who hold information about individuals, such as the Council) to follow the data protection principles.

The Information Commissioner has wide enforcement powers in relation to the Act and can serve Enforcement Notices on data controllers and fine them. Breaching the Act can also, in certain circumstances, be a criminal offence.

The new legislation requires us to be more transparent about how we use your data. More information can be found in our Privacy Policy page.

Downloads

Data Protection Policy 2019 (98KB MS Word doc)

Notification

Under the Act every organisation which uses or processes information relating to a living individual must formally register with the Information Commissioner’s Office at regular intervals. This is called "notification". The notification to the Commissioner must include details of the type of information held, the source of the information, the purposes for which the information is being held and to whom or what the information is disclosed or released.

Dundee City Council is data controller as it determines how your personal information will be processed. Dundee City Council’s registration number is Z7211936

The notification is currently kept up to date by the Information Governance Manager.

Personal Data

Personal data is information which relates to a living person who can be identified from the information itself, or by linking it with other information. For example, it could be your name and address, a school pupil's record or your own health information.

Roles and Responsibilities

The Information Governance Manager provides advice on data protection, arranges for the provision of training to Elected Members and staff and arranges for Subject Access Requests to be replied to.

Department Heads are responsible for all aspects of compliance with the Act within their departments, ensuring that adequate procedures are in place for records management, back up and storage, management and destruction, where appropriate, of personal data. Each department appoints a data protection representative to co-ordinate compliance with the Act, including security, subject access requests and employee awareness.

Requesting Information

An individual can make a Subject Access Request (SAR) to request their information held by the Council.

Download a Subject Access Request (SAR) application form

Individuals also have rights under the Freedom of Information Act (Scotland) 2002 and the Freedom of Information Act (UK) 2000 – more information on our FOISA page.

Information on GDPR

GDPR E-learning Course

Ian Smail, Information Governance Manager
Corporate Services
21 City Square
Dundee DD1 3BY
Email: infogov@dundeecity.gov.uk
Tel: 01382 434206

Data Protection

Data Protection container

Data Protection content

Related Links

Dundee City Council