Subject Access Requests
Requesting your personal information under the Data Protection Act
Download the Subject Access request form
Who can request information under the Data Protection Act?
The Data Protection Act 2018 gives you (the Data Subject) the right to apply for a copy of information about yourself. You may, if you so wish, appoint someone (an agent) to apply on your behalf (such as your parent or a solicitor).
How do I make a request?
Your request must include:
- your name
- your address
- a description of the information you wish to obtain
- details of the service(s) you are receiving and any other information (such as date of birth, rent or council tax number) that could help the Council find your information
To ensure confidentiality, we will need evidence which confirms your identity. A copy of a photo id, and proof of your address such as, driving licence or passport, and a energy bill would be acceptable. We keep all information securely, and in accordance with the Data Protection Act.
If you are making a request on behalf of someone else, please include proof of their permission for you to do so, or provide evidence of a power of attorney, court order, or health professional evidence that they are unable to provide consent.
What can I ask for?
The Council cannot and is not, by law, obliged to comply with a Subject Access request on the basis of "What does the Council hold about me?" The Council does not have to respond to broad requests for information.
Please be as specific as possible and ensure that the description of the information you require is clear and detailed to enable us to find the personal information you are seeking.
If we do not have enough information in order to locate what you are seeking, we may come back to you with more questions. Please help us to help you.
What happens when I make a request?
When the Council receives a request for information, we must respond as soon as possible, and not later than one calendar month after receiving your request.
Once your request has been received, the Data Protection Team will liaise with the appropriate area of the Council that holds the information you have requested. The information will be reviewed to establish what information you are entitled to under the Data Protection Act.
Information which identifies other people will not be released, unless they have given their permission.
What does it cost?
Council policy is to provide access to personal information free of charge.
What happens if some or all of my request is refused?
The Council is permitted to withhold information if it falls under one of the exemptions in the Act. If you are unhappy with the decision, you can write to the Information Commissioner to request a review of that decision.
How many requests can I make?
The Council is not obliged to respond to vexatious or repeated requests. This may include repeated requests from the same person for the same information, or requests which are intended to disrupt the Council's work.
What if I think I have not been given all of the information I asked for?
You can appeal to the Information Commissioner. The Commissioner's staff will look into the matter on your behalf.
What do I do if my information is incorrect?
You must write to the Council telling us what information is incorrect and asking for it to be corrected. We must tell you what we have done within 21 days of receiving your request. If the Council does not agree that the information is incorrect, you can ask us to record your disagreement on your records. You can also appeal to the Information Commissioner or to the courts if the Council does not correct the information.
Making a complaint
If you are unhappy with the way your subject access request has been handled you may use the Council's internal complaints process. Information about the internal complaint process is on the page Comments and Complaints.
Following this review, should you still be unhappy with how your information request has been handed, you have a further right to appeal to the Information Commissioner who is responsible for ensuring compliance with the Data Protection Act.