Data protection terms, principles, processing data, notifying data subjects, security, transfer of data, disclosure, sharing and subject access requests.

Everyone has rights with regard to the way in which their personal data in handled.

Whose data we collect

During the course of our activities we will collect, store and process personal data about our citizens, service users, suppliers and other third parties.

The types of personal data that we may be required to handle include information about current, past and prospective customers, service users, employees, suppliers and others that we communicate with.

Our policy

Our pdf data protection policy (424 KB)  leads and advises on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.

It is subject to certain legal safeguards specified in the combined data protection Laws (UK GDPR and DPA 2018) and other regulations related to personal data.

Data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action.

Bristol City Council's data protection policies contain a number of technical terms. The definitions of these terms are found in  pdf this glossary (147 KB) .

Our  pdf data breach policy (353 KB) has details on detecting and responding to personal data breach occurrences.

Our  pdf data protection impact assessment (401 KB) sets out our obligations to undertake a Data Protection Impact Assessment.

Who's responsible for our compliance

The Data Protection Officer is responsible for ensuring our compliance with data protection legislation and with this policy.

If you have any questions about the operation of this policy or any concerns that the policy has not been followed, email 

You can also write to:
Data Protection Officer
Bristol City Council
City Hall
PO Box 3399
Bristol, BS1 9NE