Data protection and security

Data protection

Devon County Council is required to comply with the Data Protection Act 2018 and the General Data Protection Regulation when it processes personal data.

Information about what we do with the personal data we process is contained in privacy notices that are published on our privacy notice library.

Further information regarding our data protection obligations and how we uphold your privacy is available from our pages below:

If you wish to complain about the way that your personal data has been handled, please report your concerns using the corporate feedback procedure.


We have a statutory duty under data protection laws, to ensure that the council has adequate technical and organisational measures in place to protect the personal data we process. These controls include:

  • data protection policies and supporting procedures
  • encrypted email via the Egress Switch secure email application
  • information security guidance that is issued to our staff
  • mandatory data protection training for our staff
  • technical infrastructure that is secured using industry standard security controls

Further details of the technical security controls that the council has in place is outlined on our security web page.

If you are concerned that the council may have breached its security obligations, please email the Data Protection and Information Security Team at . This concern will then be investigated to ensure that any risks are identified and where possible mitigated. If you wish to receive feedback regarding your concern, this will be handled via the corporate feedback procedure.