Data protection terms, principles, processing data, notifying data subjects, security, transfer of data, disclosure, sharing and subject access requests.

Everyone has rights with regard to the way in which their personal data in handled.

Whose data we collect

During the course of our activities we will collect, store and process personal data about our citizens, service users, suppliers and other third parties.

The types of personal data that we may be required to handle include information about current, past and prospective customers, service users, employees, suppliers and others that we communicate with.

Our policy

Our pdf data protection policy (253 KB)  leads and advises on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.

It is subject to certain legal safeguards specified in the combined data protection Laws (UK GDPR and DPA 2018) and other regulations related to personal data.

Data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action.

Our  pdf data breach policy (386 KB) has details on detecting and responding to personal data breach occurrences.

Who's responsible for our compliance

The Data Protection Officer is responsible for ensuring our compliance with data protection legislation and with this policy.

If you have any questions about the operation of this policy or any concerns that the policy has not been followed, email 

You can also write to:
Data Protection Officer
Bristol City Council
City Hall
PO Box 3399