Data Protection Act

Changes to Data Protection Regulations (UK GDPR)

New General Data Protection Regulation (UK GDPR) started on 25 May 2018. Data can seem a complex subject, but its part of everything we do. The UK GDPR puts customers' rights at the centre of data protection. It will change how businesses and local authorities handle the information held on you.

If you’d like to find out more you can read our Privacy Policy. The information below summarises how we comply with the requirements of the General Data Protection Regulation and how you can obtain details of personal information we hold about you.

For more information, read our Data Protection Policy

What's new?

There are quite a few differences between the way things work now and the way they will work in the future.  The UK GDPR will make it much easier for you to get hold of the information organisations hold on you, and will give you the right to withdraw consent for your personal data to be used, when consent is used as the lawful basis for processing your data. You can request information held on you free-of-charge.

  • you will be able to get hold of the information organisations hold on you much more freely
  • it will be simpler for you to withdraw consent for your personal data to be used
  • you will be able to ask for data to be deleted
  • councils and all organisations will need to obtain "explicit" consent when they process sensitive personal data
  • personal data will include things such as IP addresses, DNA and small text files known as cookies
  • it will be a criminal offence to re-identify anyone from anonymised or pseudonymised data

Both personal data and sensitive personal data are covered by UK GDPR.

What is personal data?

Personal data is information about a living individual from which that person can be identified. That information can be in a variety of formats. For example it might be on computer, in a paper filing system or in more unusual formats such as CCTV footage.

Why does Erewash Borough Council collect data about people?

We need to collect personal data to fulfil our functions in relation to the provision of services such as planning, environmental health, enforcement, licensing, collection of council tax and business rates, and payment of Housing Benefits.

What principles apply to the collection of personal data?

There are six governing principles that must be followed in relation to the processing of data about individuals:

  1. Personal data should be processed fairly, lawfully and in a transparent manner.
  2. Data should be obtained for specified and lawful purposes and not further processed in a manner that is incompatible with those purposes.
  3. The data should be adequate, relevant and not excessive.
  4. The data should be accurate and where necessary kept up to date.
  5. Data should not be kept for longer than necessary.
  6. Data should be kept secure.

For more information, see our Data Protection Policy.

Subject Access Requests

As a data subject you have the right:

  • to be told whether we are processing information about you,
  • to be provided with a description of the data, why we are processing it and the sorts of people or organisations we might disclose the information to,
  • to be provided with a copy of the data in an intelligible and permanent form, and
  • to be told, if we know, where the information was obtained from.

How do I make a Subject Access Request?

The easiset way to make a Subject Access Request is by using our Request Form here: Data Subject Access Request Form. Once completed, you can submit by email to This email address is being protected from spambots. You need JavaScript enabled to view it.

Alternatively, you can write to the Data Protection Officer at Erewash Borough Council, Ilkeston Town Hall, Wharncliffe Road, Ilkeston, Derbyshire DE7 5RP. You can also call us on 0115 9072244, or you can make a request through one of our social media channels. Please note that phone or social media requests will require a follow-up postal or email address for us to respond to, once your request is validated.

When making a Subject Access Request you may be asked to provide some means of identification. This is to safeguard all Data Subjects by making sure that we only supply information to those who are entitled to receive it. Acceptable forms of identification are a birth certificate or driving license or a photocopy of either. Original documents, if provided, will be returned to you as soon as possible.

If I am unable to make a Subject Access Request myself can I ask somebody to do it for me?

Yes, but you will need to give them authority to do so. If there is no-one who can help you then let the Data Protection Officer at the Council know and they will make arrangements for somebody to assist you if necessary.

Is there a fee to make a Subject Access Request?

There is no fee for the provision of a subject access request following the introduction of UK GDPR on the 25 May 2018.

How long will a Subject Access Request take?

We will endeavour to provide you with the requested information as soon as possible and no later than 1 (one) month from receipt of a valid request.

Can I always obtain information about myself?

Not always. The Regulation has a number of exemptions. If you make a Subject Access Request and we consider that the information concerned is exempt from any provision of the Act then we will explain why. If you disagree with our view, you can ask us to reconsider or you can take the matter up with the Information Commissioner who oversees compliance with this legislation whose details are given at the end of this page.

What can I do if I think that information you hold about me is incorrect?

Write to us explaining what you think is wrong and ask for the data to be corrected. We must tell you what we have done or intend to do within 21 days. If you do not agree with our decision, you can ask us to record that disagreement for future reference - or you can take the matter up with the Information Commissioner.

Can I claim any compensation if I think that information about me has been wrongly used?

If we have broken any of the rules or conditions established by the Regulation and you have suffered damage or distress as a result of this, then you may be able to claim compensation through the Courts. Any such claim will need to show that we had not taken reasonable care to comply with the UK GDPR.

Contact us

To get in touch about data protection contact us by email or write to the Data Protection Officer at Erewash Borough Council, Ilkeston Town Hall, Wharncliffe Road, Ilkeston, Derbyshire DE7 5RP.


The ICO is the UK's independent body set up to uphold information rights. The ICO has a duty to promote public access to official information and protecting your personal information and provides extensive guidance on how people can exercise their rights. For more information visit the ICO website or call 0303 123 1113