A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

GDPR (Data Protection)

Introduction

This guide sets out how we meet our responsibilities under the Data Protection Act 2018, your rights and how to request information from us.

The Data Protection Act 2018 controls how your personal information is used by us, other organisations, businesses and the government, and is the UK's implementation on the General Data Protection Regulation (GDPR).

We have to follow strict rules called 'data protection principles'. We must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There's a stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation

Our Data Protection Policy gives guidance on how we comply with General Data Protection Regulation (GDPR)

Was this page useful?