Data protection and privacy

To follow any changes to this service, visit the Council Service Updates page.

How the council protects your personal information when you use our services.

UK General Data Protection Regulation

The UK General Data Protection Regulation (UK GDPR) is legislation that sets out how we should manage and protect your personal information and it also provides you with various rights in relation to this information.  This should be read alongside the Data Protection Act 2018.

Information is classed as personal if it could identify you as an individual either directly or by adding information together.

North Lincolnshire Council is committed to protecting your privacy when you use our services and our Council Privacy Notice explains how we do this and how we use your information.

In addition, we have created Privacy Notices for the different teams who use personal data. These provide more information about why we are collecting your personal information and how we use it.

We have also created a Data Protection & Confidentiality Policy [PDF, 746Kb] to explain how we will comply with the UK GDPR.

Data Protection Officer

We have a Data Protection Officer who helps us to look after your personal information and who will answer your questions about how we look after this information. Our Data Protection Officer is Phillipa Thornley. She can be contacted at informationgovernanceteam@northlincs.gov.uk or by calling 01724 296224 and asking for your query to be directed to her.

Further information

We must ensure we abide by the seven principles of the UK GDPR to ensure personal information is:

  • Used in a lawfulness, fair and transparent way
  • Collected for specified, explicit and legitimate purposes and not used in an incompatible way
  • Adequate, relevant and limited to what is necessary
  • Accurate and where necessary kept up to date
  • Kept so that only identifies someone for no longer than is necessary
  • Used in a manner that ensures appropriate security
  • We are also responsible for, and must be able to demonstrate, compliance with these principles.

Demonstrating compliance includes:

  • Adopting and implementing Data Protection policies
  • Taking a ‘Data Protection by Design and Default’ approach
  • Putting written contracts in place with organisations that process personal data on our behalf
  • Maintaining documentation of our processing activities
  • Implementing appropriate security measures
  • Recording and, where necessary, reporting personal data breaches
  • Carrying out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests
  • Appointing a Data Protection Officer and
  • Adhering to relevant codes of conduct and signing up to certification schemes.

The UK GDPR provides everyone with a series of rights as shown below. The first rights means we must keep you informed about how we are processing your personal information.  We are doing this by publishing a series of Team Privacy Notices.

An important part of these Privacy Notices is identifying the legal basis for the processing of your personal information.  The legal basis will be one of the conditions set out in Articles 6 of the GDPR and also a condition from Article 9 where special categories of personal data are being processed, as follows:

Article 6

  • Performance of a contract
  • Performance of a task or provision of a service in the public interest
  • To comply with a legal obligation
  • Protection of vital interests
  • Consent
  • Legitimate interests

Article 9

  • Reasons of substantial public interest
  • Preventative or occupational medicine
  • Employment and Social Security
  • Public interest in area of Public Health
  • To establish, exercise or defend legal claims / courts acting in judicial capacity
  • Personal data made public by the Data Subject
  • Protection of vital interests
  • Consent
  • Archiving purposes, scientific or historical research or statistical purposes
  • Legitimate activities in relation to not for profit organisations with a political, philosophical, religious or trade union aim

Personal data

Personal information – is any information relating to a natural person who can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or genetic information.

Special categories of personal data – relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.


Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data controller and data processor

Data controller – means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.

Data processor – means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.


If you require assistance with any aspect of Data Protection or the UK General Data Protection Regulation (UK GDPR) please call our Information Governance Team on 01724 296224 or contact one of our Information, Advice and Guidance Centres, where your query will either be answered or passed on to the Data Protection Officer.  Alternatively you can email the Data Protection Officer via informationgovernanceteam@northlincs.gov.uk.

What to do if you are not happy

We aim to comply with the UK GDPR by meeting our organisational responsibilities and by responding to requests promptly and correctly.  However, if you have an issue or would like to make a complaint, please see our Information Complaints page.

When we have investigated if you are still dissatisfied, your route of Appeal is to the Information Commissioner’s Office (ICO) by completing the web contact form, by telephoning on 0303 123 1113 or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.