Your Right of Access / Data Protection
Statutory right
Under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 individuals have a statutory right to have access to personal data which is held on computer or in a structured manual file, i.e. on paper. It is also expected that the Data Controller will ensure that the data is:
- Processed fairly and lawfully
- Obtained for specific and lawful purposes
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Not kept for longer than is necessary
- Processed in accordance with the rights of the data subject
- Kept secure
- Not transferred abroad unless to countries with adequate data protection laws
For the purposes of the 2018 Act, “personal data” is information that relates to a living identifiable person. The person or organisation who controls the purpose and manner in which data is processed is the “Data Controller”.
Further information can be found on our Privacy Notice on how we process data.
More information on the GDPR and Data Protection Act can be found on the website of the Information Commissioner.
The right to access
The Information Commissioner's website provides more information on how to request personal information.
Information where Dyfed Powys OPCC is the Data Controller
Individuals have a right to confirmation that their data is being processed, access to their information and other supplementary information contained in our Privacy Notice and Subject Access Policy.
Accessing personal data in this way is known as making a "subject access request". The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the processing.
Requests to access information should be made to the Data Protection Officer, please see contact details below:
Email: opcc@dyfed-powys.police.uk
Dyfed-Powys Police and Crime Commissioner
OPCC
PO Box 99
Llangunnor
Carmarthen
Carmarthenshire
SA31 2PF
We will respond to these requests within one calendar month.
If you consider that a request by you for access to your personal data has not been dealt with properly, you may:
- Write to the above address seeking resolution of your complaint, or
- Write to the Information Commissioner, who is appointed to consider such complaints at the:
Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
K9 5AF
The Information Commissioner is empowered to assess whether there has been a failure to comply with GDPR and the 2018 Act. The Commissioner can issue enforcement proceedings if satisfied that there has been a contravention of the data protection principles. The Commissioner can also recommend that you apply to court alleging a failure to comply with the subject access provisions of GDPR and 2018 Act. The court may make an order requiring compliance with those provisions and may also award compensation for any damages you have suffered as well as any associated distress.
Information where Dyfed Powys OPCC is not the “Data Controller”
In many cases, it is the Police Force and not the OPCC who hold personal information. The Police National Computer includes information on prosecutions, convictions and cautions. Chief Officers of the Police Forces are the “data controllers” for this information and not OPCC’s.
You have the right to be told by a Chief Officer whether any information is held about you on the Police National Computer and a right to a copy of that information. The Chief Officer may deny access to this information where the information is held for the prevention or detection of crime or for the apprehension or prosecution of offenders and where release of the information would be likely to be prejudicial to any of these purposes.
You can make a request to Dyfed Powys Police here: Request information | Dyfed-Powys Police