General Data Protection Regulations (GDPR)
What is GDPR?
GDPR stands for the new EU General Data Protection Regulations which come into force on 25 May 2018.
The new Regulations will replace the current Data Protection Act (1998).
Chorley Council holds a lot of data about our residents and customers. All services have reviewed that data, and where necessary, have asked for consent to hold your contact details, for example phone numbers and email addresses so the council can continue to get in touch.
To comply with the requirements of GDPR, Chorley Council must seek your permission to hold your personal data or rely upon a lawful basis for processing your personal information.
What do I need to do next?
If you have registered for My Account, you will need to update your preferences next time you log into My Account. You can do this by logging into My Account.
If you receive any e-newsletters, updates or alerts from us then you will need to give your consent to continue to do so. You should have received an email from us asking you to give your consent. If you do not currently receive e-newsletters from us and would like to in the future, please register for My Account and state your preferences.
Consent can be used as a legal basis for processing personal data but it must be freely given, specific, informed and an unambiguous indication of your wishes.
This means that the council must obtain your permission to hold your contact details and use them only to contact you for the purposes you have authorised. It also means that the council has a duty to protect your data.
The GDPR creates new rights for individuals and strengthens existing rights currently in force under the Data Protection Act. These are:
- the right to be informed i.e. the information which needs to be supplied to you at the point of collecting your data.
- the right to obtain access to the personal data held
- the right to have personal data rectified if it is found to be inaccurate or incomplete
- the right to be forgotten i.e. requesting that all data relating to yourself is deleted
- the right to ask for a restriction in respect of the processing of personal data i.e. where you contest the accuracy of the data held and processing is restricted until the accuracy is rectified.
- the right to object to certain types of data processing and to direct marketing
Compliance and breaches
The Information Commissioner can impose fines for breaching GDPR and the council may be fined up to a maximum of 20,000,000 Euros (approximately £17million).