Data protection laws are in place to protect an individual’s privacy by regulating the way their personal data is collected, stored and used by organisations like Devon County Council.

Data protection rights

Data protection laws provide you with a right to request copies of documented information that the Council holds about you – the right of subject access.

Find out how to access your personal data, including details of the information needed by the council to progress your request. This covers circumstances when personal details of third parties can be requested, that information would normally be removed from disclosures made to you.

If you are trying to locate a friend, family member or loved one, please refer to our locating friends and family guidance.

For further information about your data protection rights, please visit our webpage entitled Your data protection rights | Devon County Council. You can also obtain independent advice on your data protection rights from the Information Commissioner’s Office.

Complaints about the handling of your personal data

If you are concerns about the way that Devon County Council has collected, stored, shared or otherwise used your personal data, please email the details of your complaint along with evidence you would like to submit, to the Data Protection Officer.

Data Protection Officer

Devon County Council is required by law to have a Data Protection Officer who is responsibility for the following tasks:

To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments, train staff and conduct internal audits.
To be the first point of contact for the Information Commissioner’s Office.
To be the first point of contact for individuals who wish to exercise their rights under this legislation.

Martin Lawrence is the Data Protection Officer and can be contacted using the details below:

Tel: 01392 383792
Email: keepdevonsdatasafe@devon.gov.uk
Post: Data Protection Officer, County Hall, Topsham Road, Exeter, Devon, EX2 4QD

Security

We have a statutory duty under data protection laws, to ensure that the council has adequate technical and organisational measures in place to protect the personal data we handle. The control we have in place include:

Data protection and cyber security policies
Information security guidance and best practice that is promoted to all our staff
Mandatory data protection and cyber security training for all our staff
Email encryption that protects outgoing email
A secure email system called Egress, that provides extra protection for the most sensitive information we may need to share electronically.
Compliance with the NHS Data Security and Protection Toolkit (standards met).
The appointment of a Senior Information Risk Owner who is responsible for overseeing the council’s data protection and security risk management arrangements.
Technical infrastructure that is secured using industry standard security controls.

Further details of the technical security controls that the council has in place is outlined on our security web page.

How to report a breach of security

If you are concerned that the council may have breached its security obligations, please report this to us using our Security Incident Reporting Form or email the Data Protection and Information Security Team at keepdevonsdatasafe@devon.gov.uk. If you wish to complain about a breach of security, please contact our Data Protection Officer.

Privacy and transparency

Please read our privacy page for further details about how your privacy will be managed when you interact with us and our website. For more information about how Devon County Council will collect, use and store your personal data, please read our privacy notices that are published on our privacy notices library.

Crime prevention and detection

Data protection laws allow Devon County Council to share personal data for the purposes of preventing or detecting crime, or for the apprehension or prosecution of offenders.

If you are a third party organisation that may require access to personal data for these purposes please make a request – in writing – if you are a police service include your 277 Data Request Form, as follows :

• Email: accesstoinformation@devon.gov.uk
• Post: Access to Information, County Hall, Topsham Road, Exeter, EX2 4QD

For further assistance please contact the Access to Information team on 01392 380100.