Data Protection Act

The Data Protection Act gives individuals the right to know what information is held about
them. It provides a framework to ensure that personal information is handled properly.

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

Should an individual or organisation feel they are being denied access to personal information they are entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner’s Office for help. Complaints are usually dealt with informally, but if this isn’t possible, enforcement action can be taken.

Both Cardiff and the Vale Councils have adopted a formal Data Protection Policy.

For further information contact:

Cardiff Council:
Room 249
County Hall
Cardiff CF10 4UW
Tel: 029 2087 2087
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Vale of Glamorgan Council:
The FOI Unit
Legal & Regulatory Services
Barry CF63 4RU
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

No video selected.