Data Protection

To provide services and carry out our statutory duties, East Dunbartonshire Council must gather personal information about residents, employees and other individuals. This personal information, however it is acquired and used, must be dealt with fairly and lawfully. The Data Protection Act 1998 sets out the rules as to how East Dunbartonshire Council can use personal information.

About Data Protection

The act sets out eight basic principles for the way data is processed.  It states data must:

  • be processed fairly and lawfully
  • be processed for specified and lawful purposes
  • be adequate, relevant and not excessive
  • be accurate and up to date
  • not be kept longer than necessary
  • be processed in accordance with data subjects’ rights (the person on whom information is held)
  • be secure
  • not be transferred to countries without adequate Data Protection legislation

By law the Council must abide by these principles.

See the full text of the Data Protection Act 1998.

Data Protection Policy

To ensure that East Dunbartonshire Council complies with the terms of the Data Protection Act 1998, a Data Protection Policy has been published and can be viewed in the Documents section of this page. This gives information on the act, East Dunbartonshire’s responsibilities under it and its commitment to it.

Data Subjects' Rights

The Data Protection Act 1998 defines the individual on whom the Council holds and processes information as the Data Subject. The Council is known as the Data Controller.

The Act awards Data Subjects the right to:

  • access personal data held regarding themselves by the Council
  • stop the processing of data if it causes unwarranted damage or distress
  • opt-in to data processing for direct marketing purposes
  • the Data Subject also has the right to correct inaccurate data

Subject Access Request

Under the Data Protection Act 1998, individuals can make a formal request to obtain the information that the Council holds about them. This request is known as a Subject Access Request. The Council is obliged to respond to such requests within 40 calendar days.

If you would like to make a Subject Access Request, please view the Subject Access Request page.


The Data Protection Act is enforced and promoted by the UK Information Commissioner.  The Commissioner offers advice and guidance on the act and also investigates complaints regarding possible breaches of the act.

The UK Information Commissioner is not the same person as the Scottish Information Commissioner, who is responsible for the Freedom of Information (Scotland) Act, but not Data Protection in Scotland.


The Commissioner maintains a Register of Notifications listing all Data Controllers in the UK, the types of data they hold, how this is processed and who it is shared with. East Dunbartonshire Council is registered with the Commissioner.  You can view our entry at the Data Protection Register.