Data protection

The Data Protection Act (DPA) 1998 is designed to protect against the misuse of personal data. Its principles are to ensure that personal information is:

  1. Fairly and lawfully processed
  2. Obtained and processed for one or more specific purposes
  3. Adequate, relevant and not excessive in relation to those purpose(s)
  4. Accurate, and where necessary kept up to date
  5. Not kept longer than necessary
  6. Processed in accordance with the data subject's rights
  7. Secure against unauthorised and unlawful processing and accidental loss or destruction
  8. Not transferred to countries without adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data

The Act makes provision for individuals to access personal data held about them in any format and to challenge the validity and use of that personal information. Where personal information relates to another individual, we may need to seek their consent to release it. If they do not agree or we cannot contact them, and it is unreasonable to release the information without their consent, we may have to withhold the information. For details of additional reasons why information may be withheld please:

The Act requires that we notify the Information Commissioner about what personal information we hold, what purposes we use it for, who we get it from and who we give it to. This notification can help you find out what information we hold about you and therefore what you can ask for. For further details please:

You can request your personal information by making a Data Subject Access Request in writing to us or completing the form which you can download from our download section to the right.

We will normally respond to your request in full within 40 days after we receive your fee, which is currently £10.

If you are disappointed with the response to your enquiry, you can ask us to review our decision and actions, but where we are unable to resolve any differences you can:

New legislation coming 2018

The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the current Data Protection Act on 25 May 2018.

GDPR has been in development since 2012 by the European Union Parliament and Council to harmonise and strengthen the rights of data subjects across Europe, including when data is transferred to third party countries.

The GDPR enhances some of the rights of individuals that currently exist under the DPA and creates new rights such as the right to be forgotten and the right to erasure.

It also provides for increased accountability and processes to demonstrate compliance. For example, a Data Protection Officer will be compulsory for public authorities and the requirements for consent are now much higher.

All breaches will have to be reported to the Information Commissioner's Office within 72 hours, and the potential fines for breaches are up to €20 million.

We are working to ensure compliance by May 2018. For further information visit the:

West Oxfordshire District Council
New Yatt Road
OX28 1PB