General Data Protection Regulation (GDPR)

What is it?

The GDPR is a legal framework that sets out guidelines for the collection, use and sharing of personal information of people within the EU. It came into effect on 25th May 2018 and the UK is still subject to GDPR even though we are set to leave the EU under Brexit.

Keeping your personal information safe and secure remains our top priority and we have updated our policies and procedures to ensure that we meet the new regulation. 

To promote transparency in the way we process personal data, we have privacy notices for each area of the Council to offer more detail on what we collect, how we use it and your rights.

New rights for individuals

The new rights are:

  • The right to be forgotten - In some cases an individual can ask for their personal data to be deleted
  • Changes to consent required from individuals
  • Where consent for the use of personal data is required it must in future be explicit, non-ambiguous and given freely
  • Right to withdraw information.

Data breach notification

In certain circumstances, we are required to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered.

If the disclosure has serious implications for any individuals, they will also be informed.

Privacy by design

We design data protection into the development of business processes and undertake Data Privacy Impact Assessments (DPIAs) to ensure we've fully considered any risk, putting protections in place where necessary.

These protections are reviewed regularly to ensure that we're fit for purpose and are maintaining good practice.

Data Protection Officer

Our Data Protection Officer is responsible for GDPR within the Council and if you wish to raise a concern or seek clarification about one of our privacy notices, you can email your query.

We have an information governance team who support the Data Protection Officer in their role. If you would like any guidance, please contact

© Wigan Council