Postcode Search
Search site

Data Protection Act 1998

How the Council complies with the Data Protection Act 1998

The Data Protection Act 1998 is designed to ensure that personal information held by the Council is handled securely and correctly in line with the eight Data Protection Principles, shown at the bottom of this page.

The Council is registered to process information by the Information Commissioner and this registration is renewed annually.

Our Data Protection Policy sets out how we will handle your personal information. pdf icon Data Protection Policy [120kb]

Under the Data Protection Act a person has a right to ask for access to information held about them by the Council and a Subject Access Request form is available below or from the Council Offices and Information Points. Information will only be provided once proof of identity has been established although you can authorise an agent to receive the information on your behalf if you wish.

pdf icon Subject Access Request Form [183kb]

There may be a charge for some information requested under the Data Protection Act 1998 and the Freedom of Information Act 2000. Please refer to the Council's Charging Policy for details: pdf icon DPA and FOI Charging Policy [120kb]

The Data Protection Act 1998 only covers access by an individual to personal information held about him/her by the Council. For access to other information please see Freedom of Information Act 2000

The Data Protection Act Principles

First Principle

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -
at least one of the conditions in Schedule 2 is met, and
in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Second Principle

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Third Principle

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Fourth Principle

Personal data shall be accurate and, where necessary, kept up to date.

Fifth Principle

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Sixth Principle

Personal data shall be processed in accordance with the rights of data subjects under this Act.

Seventh Principle

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Eighth Principle

Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

For further assistance please contact:
David Clark, Interim Data Protection Officer, Mendip District Council, Cannards Grave Road, Shepton Mallet, BA4 5BT
Tel: 01749 341539


The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113

Last modified: 11 July 2017