Data protection

The Data Protection Act (DPA) 1998 is designed to protect against the misuse of personal data. Its principles are to make sure that personal information is:

  1. Fairly and lawfully processed
  2. Obtained and processed for one or more specific purposes
  3. Adequate, relevant and not excessive in relation to those purpose(s)
  4. Accurate, and where necessary kept up to date
  5. Not kept longer than necessary
  6. Processed in accordance with the data subject's rights
  7. Secure against unauthorised and unlawful processing and accidental loss or destruction
  8. Not transferred to countries without adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data

The Act allows individuals to access personal data held about them in any format and to challenge the validity and use of that personal information. Where personal information relates to another individual we may need to get their consent to release it. If they do not agree or we cannot contact them and it is unreasonable to release the information without their consent we may have to withhold the information. For details of additional reasons why information may be withheld please:

The Act requires that we notify the Information Commissioner about what personal information we hold, what purposes we use it for, who we get it from and who we give it to. This notification can help you find out what information we hold about you and therefore what you can ask for. For further details please:

Request your personal information

You can request your personal information by making a Data Subject Access Request by:

  • downloading and filling in the data subject access application form
  • or writing to us

We will normally respond to your request in full within 40 days after we receive your fee, which is currently £10.

If you are disappointed with the response to your enquiry you can ask us to review our decision and actions but where we are unable to resolve any differences you can:

Please download our Access to Information and Data Protection policies from the download section.

New data protection regulation coming 2018

The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the current Data Protection Act on 25 May 2018.

The European Union Parliament and Council have been developing the GDPR since 2012 to harmonise and strengthen the rights of data subjects across Europe, including when data is transferred to third party countries. The GDPR:

  • enhances some of the rights of individuals that currently exist under the DPA and
  • creates new rights such as the right to be forgotten and the right to erasure
  • provides for increased accountability and processes to demonstrate compliance. For example, all public authorities will need to have a Data Protection Officer and the consent requirements are much higher.
  • breaches will have to be reported to the Information Commissioners Office within 72 hours and the potential fines for breaches are up to €20 million.

We are working to make sure that we're compliant by May 2018. For further information visit the:

West Oxfordshire District Council
New Yatt Road
OX28 1PB