Data protection policy

Data protection policy

Data protection terms, principles, processing data, notifying data subjects, security, transfer of data, disclosure, sharing and subject access requests.

Everyone has rights with regard to the way in which their personal data in handled.

Whose data we collect

During the course of our activities we will collect, store and process personal data about our citizens, service users, suppliers and other third parties.

The types of personal data that we may be required to handle include information about current, past and prospective customers, service users, employees, suppliers and others that we communicate with.

Our policy

Our data protection policy (pdf, 258KB) (opens new window)  leads and advises on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.

It is subject to certain legal safeguards specified in the General Data Protection Regulations EU 2016/679 (the Regulation), the Data Protection Act 2018 (the Act) and other regulations related to personal data.

Data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action.

Who's responsible for our compliance

The Data Protection Officer is responsible for ensuring our compliance with data protection legislation and with this policy.

If you have any questions about the operation of this policy or any concerns that the policy has not been followed, email 

You can also write to:
Data Protection Officer
Bristol City Council
City Hall
PO Box 3399