2. Collecting personal data
Personal data is anything that enables you to identify an individual when you read that information. For example a person’s name or a unique identifier like their national insurance number, is personal data. Personal data includes any:
- expression of opinion about the individual
- indication of the intentions of the data controller or any other person in respect of the individual
Collecting personal data
When collecting personal data make sure that people know:
- who you/we are
- what the data will be used for
- to whom it will be disclosed
Do not collect more personal data than is needed.
Observe the rights of individuals
Individuals whose personal details you hold have various rights. They must be able to:
- receive on request any details of the processing relating to them – this is called a subject access request and includes any information about themselves and information regarding the source of the data
- have any inaccurate data corrected or removed in certain circumstances to stop processing likely to cause “substantial damage or substantial distress”
- prevent their data being used for advertising or marketing
- not be subject to fully automated decisions if such decisions significantly affect them
When a subject access request is received, it is important to:
- treat the requestor with courtesy and try to understand what exactly is being sought
- act promptly and effectively – you only have 40 calendar days to respond
- Contact the Department’s Chief Information Officer
There’s currently no charge for data protection requests.
