The General Data Protection Regulations (GDPR) replace the current Data Protection Act (1998) from 25 May 2018.

GDPR affect us because we hold and process your personal data; we're required to comply with strict rules - see the ICO guide to GDPR for more information.

Read our privacy notice to find out how we protect your personal informationdata.

What GDPR means for our customers

When we use your data we should:

  • ask for your consent using simple language that's easy to understand
  • make it easy for you to provide consent or to withdraw consent
  • make it clear how we'll process the data you're providing
  • let you know without delay if there is a 'data breach' (unauthorised disclosure of your personal data)
  • provide you with a copy of your personal information if you ask for it (in a format you can pass on)
  • let you know whether or not your personal data is being processed, where and for what purpose
  • (in some cases) erase your personal data or stop it from being processed, if you ask for this
  • hold and process only the data needed for us to complete our task
  • limit access to personal data to those who must access it for processing
  • design data protection into the development of our business processes and systems
  • undertake Privacy Impact Assessments (PIAs)

GDPR and our suppliers

We've been contacting the companies which supply goods and services to us, about data protection changes, asking them to complete an online survey confirming their use of personal data.

If you're a supplier and haven't already received an email or letter from us about GDPR, email: GDPR.Contracts@york.gov.uk stating the goods or services you supply.

Also see

Comment on this page