Search site
finger pointing right

Your guide to data protection

In order to operate effectively, Swansea Council (the authority) has to obtain certain types of information about persons working and residing in its area.

The information the authority holds on individuals, which identifies that individual is known as personal data. These individuals include members, former and current and prospective employees, suppliers, clients and customers.

The term personal data applies to any material which identifies a living individual for example photographs, CCTV footage, information held on computer disk and most paper records. To ensure that the authority handles personal data lawfully and appropriately it must comply with the Data Protection Act 1998 (the Act) and in particular the 8 Data Protection principles as set out in Part 1, Schedule 1 of the Act. The authority endorses and adheres to the Data Protection principles.

How long we keep data is important for individuals to know. Data retention periods will be made available for perusal over the coming months.

Information Governance Unit (IGU)

Within the authority, the route for all matters relating to data protection and information management is via the IGU. Their role is to assist all Council Services in achieving and maintaining a position of compliance with Data Protection, Freedom of Information legislation and Environmental  Information regulations.

As the authority collects and processes personal data, we must register with the Information Commissioners Office (ICO) as a data controller in accordance with the Data Protection Act. If data is breached within the Council, then procedures are in place to contain and investigate disclosure. The IGU are responsible for providing staff with tools to ensure they are trained in data protection. A number of elearning courses, videos and posters are at their disposal.

If you need advice or guidance on any related topic from Information Security to Data Protection, please contact us -

Senior Information Risk Owner (SIRO)

The role of the SIRO has been included into the council's information governance to provide board-level accountability and greater assurance that information risks are being addressed. The SIRO ensures that information risks are treated as a priority for all business outcomes. They will plays a vital role in getting the council to recognise the value of its information enabling us to use it effectively.

General Data Protection Regulation (GDPR)

Over the coming months, the Council will be undertaking numerous projects to adopt appropriate policies, procedures and processes to ensure compliance with new GDPR regulations. The basic objective of the GDPR is to enforce stronger data security and privacy rules among organisations when it comes to protecting personal data. It will apply from 25 May 2018. 

Read more about the GDPR and changes we are making here

Subject Access Requests (SARs)

Under the rights of subject access, an individual is entitled to find out what is being held about them. Individuals are only entitled to their own personal data and not to information relating to other people (unless they are acting on behalf of that person). Neither are they entitled to information simply because they may be interested in it.

Individuals who makes a written request and pays a fee of £10 is entitled to be:

  • told whether any personal data about them is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and given details of the source of the data (where this is available).

On receiving the request, Swansea Council have 40 days to comply with the request ensuring that they are satisfied to the identity of the person making the request. It may be necessary for the council to obtain further identification prior to disclosure.

To make a subject access request, please download, complete and sign the attached subject access request form and return it with the payment to: The Complaints Team, Gloucester Room, The Guildhall, Swansea SA1 4PE.

Freedom of Information (FOI)

The FOI Act 2000 provides public access to information held by public authorities. It does this in two ways:

  • public authorities are obliged to publish certain information about their activities; and
  • members of the public are entitled to request information from public authorities.

As a Council, we have a legal obligation to provide information through an approved publication scheme under FOI. Any information that we make routinely available should be included in our publication scheme. Further information on FOI requests can be found on our website.

The Wales Accord on the Sharing of Personal Information (WASPI)

WASPI provides a framework for service-providing organisations directly concerned with the health, education, safety, and social well being of people in Wales. In particular, it concerns those organisations that hold information about individuals and who need to share that information to deliver effective services. Further information on WASPI can be found on our website.

Powered by GOSS iCM