What must I do?

1. MUST: On receipt of a subject access request you must forward it immediately to Town Clerk
2. MUST: We must correctly identify whether a request has been made under the Data Protection legislation
3. MUST: A member of staff, and as appropriate, councillor, who receives a request to locate and supply personal data relating to a SAR must make a full exhaustive search of the records to which they have access.
4. MUST: All the personal data that has been requested must be provided unless an exemption can be applied. 
5. MUST: We must respond within one calendar month after accepting the request as valid.
6. MUST: Subject Access Requests must be undertaken free of charge to the requestor unless the legislation permits reasonable fees to be charged.
7. MUST: Councillors and managers must ensure that the staff they manage are aware of and follow this guidance. 
8. MUST: Where a requestor is not satisfied with a response to a SAR, the council must manage this as a complaint.

How must I do it?

1. Notify the Town Clerk upon receipt of a request.
2. The Town Council must ensure a request has been received in writing where a data subject is asking for sufficiently well-defined personal data held by the council relating to the data subject. We will clarify with the requestor what personal data they need. They must supply their address and valid evidence to prove their identity. The council accepts the following forms of identification (* These documents must be dated in the past 12 months, +These documents must be dated in the past 3 months):

• Current UK/EEA Passport

• UK Photocard Driving Licence (Full or Provisional)

• Firearms Licence / Shotgun Certificate

• EEA National Identity Card

• Full UK Paper Driving Licence

• State Benefits Entitlement Document*

• State Pension Entitlement Document*

• HMRC Tax Credit Document*

• Local Authority Benefit Document*

• State/Local Authority Educational Grant Document*

• HMRC Tax Notification Document

• Disabled Driver’s Pass

• Financial Statement issued by bank, building society or credit card company+

• Judiciary Document such as a Notice of Hearing, Summons or Court Order

• Utility bill for supply of gas, electric, water or telephone landline+

• Most recent Mortgage Statement

• Most recent council Tax Bill/Demand or Statement

• Tenancy Agreement

• Building Society Passbook which shows a transaction in the last 3 months and your address

3. Depending on the degree to which personal data is organised and structured, there will need to be a search emails (including archived emails and those that have been deleted but are still recoverable), Word documents, spreadsheets, databases, systems, removable media (for example, memory sticks, floppy disks, CDs), tape recordings, paper records in relevant filing systems etc. which the Town Council is responsible for or owns.

4. The Town Council must not withhold personal data because it is believed it will be misunderstood; instead an explanation should be provided with the personal data. The personal data will be provided in an “intelligible form”, which includes giving an explanation of any codes, acronyms and complex terms. The personal data must be supplied in a permanent form except where the person agrees or where it is impossible or would involve undue effort. It may be possible to agree with the requester that they will view the personal data on screen or inspect files on our premises. We will redact any exempt personal data from the released documents and explain why that personal data is being withheld.

5. Make this clear on forms and on the council website

6. Through the use of induction, performance appraisals and training, as well as through establishing and maintaining appropriate day to day working practices, we will ensure that all Councillors and officers are aware of this procedure.

7. A database is maintained allowing the council to report on the volume of requests and compliance against the statutory timescale.

8. When responding to a complaint, we must advise the requestor that they may complain to the Information Commissioners Office (“ICO”) if they remain unhappy with the outcome.