Data Protection and GDPR

Coronavirus (Covid-19) and Changes to Data Protection Requests

Under normal circumstances, before we respond to a subject access request we would ask applicants to send us copies of relevant documentation which have been 'certified' by a professional person or someone well respected within the community, such as a solicitor, social worker, doctor, teacher or police officer.  This is to ensure that applicants are who they claim to be and that we are not releasing personal data to the wrong person.

However, we recognise that at present it will not be possible for applicants to get documentation certified, and in any case we do not have any staff on site to process incoming copy documentation.  We would therefore ask that you provide us with as much information as possible connecting you to the subject matter of your request, such as copies of correspondence we have sent to you relating to the particular matter.  The council will take a proportionate view in relation to the verification of identity in deciding whether and how much information we can release.  For particularly sensitive information, or requests for all information we hold about someone, it may not be possible to comply with such requests until circumstances have changed and we receive properly certified proof of identity.


Data Protection Requests

In order to deliver services to the citizens and communities in West Lothian, it is necessary for the council to collect, gather and process personal data about residents, staff and other individuals.

The new Data Protection Act (2018) and General Data Protection Regulation (GDPR) came into effect in May 2018. Data Protection Law regulates the way we handle and process personal data within the council. The law includes new definitions of personal data that is in keeping with changing technology and has strengthened the rights of individuals.

Personal data is information which relates to a living person who can be identified from the information itself, or by linking it with other information. For example, it could be your name and address, a school pupil's record or a client's health information.

Processing personal data is the name given to anything that we do with your personal data that we hold. For example, entering your details into our computer systems or storing a completed form in a filing cabinet.

Changes to Data Protection Law
Who we are
Why we process your data

Sharing and protecting your information
How long we keep your information
Privacy Notices
How to make an enquiry or lodge a complaint
Making A Subject Access Request and/or Enquiry