The Data Protection Act regulates the way we handle and process your personal data that we hold.
New rules on how we collect and process your personal data were introduced on 25 May 2018.
Personal data is information which relates to a living person who can be identified from the information itself, or by linking it with other information. For example, it could be your name and address, a school pupil's record or your own health information.
Processing personal data is the name given to anything that we do with your personal data that we hold. For example, entering your details into our computer systems or storing a completed form in a filing cabinet.
We have a legal requirement to comply with all elements of the Data Protection Act.
Why did the data protection law change?
The reform to the old Data Protection Act (1998) was brought about by the General Data Protection Regulation (GDPR).
GDPR is a European regulation that set out the changes that the UK needed to implement in a new Data Protection Act.
The new data protection law was introduced on 25 May 2018 and forms the basis of a new Data Protection Act (2018).
It gives you more rights and control over how your personal data is handled by organisations, such as the council.
The new data protection law has created one set of rules for everyone in the European Union establishing a unified approach to protecting personal data for all EU individuals.
What changes has the new data protection law introduced?
When the previous Data Protection Act was introduced in 1998, the internet was very new and people didn't understand the full implications of how it could be used - especially when collecting personal information.
As technology continues to develop, new definitions of personal data are being introduced such as your IP computer address or your mobile phone location setting. Your IP address is a label which is used to identify one or more devices on a computer network such as the internet. It is similar to your postal address and is a series of long numbers.
The new Data Protection Act (2018) introduces more safety measures about how your personal data is used by organisations. It includes taking into account new mobile technology which captures personal data - to help you trust how it is processed and shared.
Glasgow City Council has:
- introduced new documenting and processing procedures
- strengthened our rules for deleting and removing personal data
- changed how we communicate with you to be open about what we do with your data
- made sure that we perform privacy assessments for certain customers
- only use the minimum amount of personal data that we need to deliver a service to you
- responded to personal data enquiries within the appropriate timeframe
- notified you, where required, if we lose your personal data and breach the Act.