Data Protection

The Data Protection Act 1998 which replaced the 1984 Act received Royal assent on 16th July 1998 and came fully into force in 1999.

As with the 1984 Act, the Act gives legal rights to individuals (data subjects) in respect of personal data held about them. The Act gives effect in UK law to EC Directive 95/46/EC (the 'Directive).

Purpose of the Act

The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.

This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.

They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the Act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Data Protection Commissioner for an assessment to be made of the data controller if they feel that the Act has been contravened.

The Act places obligations on those who record and use personal data (data controllers). They must be open about the use of such personal data through notification to the Information Commissioner website  and they must follow sound and proper practices by applying the Data Protection Principles.

A copy of the Data Protection Act (external link) can be viewed at Her Majesty's Stationery Office website.

Principles

There are eight principles put in place by the Data Protection Act 1998 to make sure that your information is handled properly.

They say that data must be:

• fairly and lawfully processed;
• processed for limited purposes;
• adequate, relevant and not excessive;
• accurate;
• not kept for longer than is necessary;
• processed in line with your rights;
• secure; and,
• not transferred to countries without adequate protection.

By law data controllers have to keep to these principles.

Information about you

We need to handle personal information about you so that we can provide services for you. This is how we look after that information. 

If you want to know whether information is held about you and if so what, you will need to write to the person or organisation you believe holds the information. This is known as a 'subject access request'.

You should ask for a copy of all the information held about you to which the Act applies. If you are not sure who to write to within an organisation address your letter to the 'Company Secretary', or contact the contact name given on the register of Data Controllers which is kept by the Information Commissioner (external link).

Here is an example of a letter which you could use.

 

Your address

The date

 

Dear Sir or Madam,

 

Please send me the information which I am entitled to under the Section 7(1) of the Data Protection 1998.

If you need further information from me, or a fee, please let me know as soon as possible.

If you do not normally handle these requests for your organisation, please pass this letter to your Data Protection Officer or another appropriate official.

 

Yours faithfully

 

 

For more information contact dataprotection@chester.gov.uk, or Data Protection Officer. Chester City Council, The Forum, Chester. CH1 2HS. Telephone 01244 402118. Fax 01244 400128.