Data protection

The Data Protection Act (DPA)  and the General Data Protection Regulation (GDPR) (pdf 960KB) both regulate the way we handle and process your personal data.

Personal data is any information relating to an identified or identifiable living individual.

Processing personal data is the name given to anything that we do with your personal data. For example, entering your details into our computer systems or storing a completed paper form in a filing cabinet.

As a result of changes to Data Protection law, we are:

  • introducing new processing procedures
  • strengthening our rules for deleting and removing personal data
  • being open with you about what we do with your data
  • where necessary ensuring that we perform privacy assessments
  • only using the minimum amount of personal data that we need to deliver a service to you
  • responding to personal data enquiries within the appropriate timeframe
  • ensuring our staff undertake Data Protection training

As a public body we are also required to appoint a Data Protection Officer. This is a dedicated senior officer who is responsible for enforcing how we collect and process your personal data in line with new data protection law:

Data Protection Officer
Aberdeenshire Council
Town House
Low Street
AB45 1AY

Access requests

The Data Protection Act and the General Data Protection Regulation both include a number of rights for individuals, including the right for an individual to access personal data that an organisation holds about them. This right of access extends to all information held on an individual except where a valid exemption (or restriction) applies. If an individual makes a request to view their information, it is known as an 'Access Request' or 'Subject Access Request' (SAR).

To make an Access Request, you must:

  • submit your request
  • supply information to prove who you are (to eliminate risk of unauthorised disclosure)
  • supply appropriate information to help the council to locate the information you require

Your request should include details and provide evidence of who you are (for example driving licence, passport, birth certificate, utility bills). You should also provide as much detail as possible regarding the information you wish to access (for example where and by whom information is believed to be held and specific details of information required).

Please note that the council will not be able to comply with any requests received unless satisfactory proof of identification is provided.

There is no charge for making an Access Request, except where the request is manifestly unfounded or excessive in which case we may charge a reasonable fee.

You are not required to state why you wish to access the information. The details we require are merely those that will aid the efficient location and retrieval of information.

On receipt of an Access Request, all efforts will be made to fully comply with the request within one month. However, in the case of complex requests this time period may be extended by up to two further months. In the event that we deem your request to be complex, and require to extend the time period, we will write to you to let you know.

View privacy notice relating to submission of Access Requests (pdf 537KB).

To submit your request please complete our Access Request form (pdf 187KB) and return it to the Data Protection Officer.

Please see our Access Request guidance (pdf 251KB) for more information.

Further guidance concerning access requests can also be obtained from the Information Commissioner's Office (ICO) website.

Please note that you cannot request access to deceased individuals records via Data Protection law. Data Protection law only applies to personal information about a living individual.

Inaccurate data

If you feel that we hold inaccurate or incomplete data about you please contact the relevant council service requesting that they rectify the data.

Help us improve