Data Protection at Trafford Council

Trafford Council is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. As with the previous legislation, the GDPR  gives legal rights to individuals (data subjects) in respect of personal data held about them.

Statement of Policy

In order to operate efficiently, Trafford Council has to collect and use information about people with whom it works. These may include members of the public, current, past and prospective employees, clients and customers, and suppliers. In addition it may be required by law to collect and use information in order to comply with the requirements of central government.

This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means. There are safeguards within  data protection law to ensure this.

Trafford Council regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Council and those with whom it carries out business. The Council will ensure that it treats personal information lawfully and correctly.

To this end the Council fully endorses and adheres to the principles of data protection as set out in the  General Data Protection Regulation.

Purpose of the General Data Protection Regulation

The  Data Protection Act 1998 was designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.

The General Data Protection Regulation brings the previous Act up to date in our ever developing digital world. Many of the principles and rules remain the same and there is a greater emphasis for organisations to demonstrate transparency with your data.

This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.

They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of Data Protection Law by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Information Commissioner for an assessment to be made of the data controller if they feel that the Act has been contravened.

Obligations are placed on those who record and use personal data (data controllers). They must be open about the use of such personal data through notification to the Information Commissioner and they must follow sound and proper practices by applying the Data Protection Principles.

Further details of your data protection rights can be found at

The Council continues to be fully committed to complying with all data protection legislation which gives legal rights to individuals in respect of personal data held about them.