In general, the DPA gives individuals a right to access the personal data an organisation is processing about them, unless an exemption applies. This is called a Subject Access Request and you can make a request to us to access your personal data and information. We charge a fee of £10 for Subject Access Requests.

To make a Subject Access Request for personal information under the DPA, you must make a written request. This can be done by any of the following methods:

Post: You can donwload a copy of our Subject Access Request Form for completion and return by post, by using the link below.

Email to: performance@eppingforestdc.gov.uk

Write to: Data Protection Officer, Epping Forest District Council, High Street,  Epping, Essex CM16 4BZ

Online: complete the Data Protection Contact Form 

Written Subject Access Requests submitted by email, letter or the Data Protection Contact Form must include your name and contact address, and should describe the information you want. In responding to your request, we will ask you for evidence of your identity and the relevant fee. We may also ask you to provide some details of the information you require, to help us understand what information you are seeking and where the data may be held.

We will reply to your request within forty calendar days of receiving evidence of your identity and the Subject Access Request fee. We will give you access to all the information you have asked for unless:

•  an exemption applies to some or all of it (see below), or
•  there is information about someone else included with your own information and it is necessary to withhold some or all of it

We will not:

•  ask you why you want the information or what it will be used for
•  ask you to keep what we have told you confidential, or
•  refuse any request unless an exemption applies

Providing information to you might affect the rights of other people. For instance it might include personal data about other people. If so, we may contact them to help us decide whether the information should not be disclosed. We will normally provide a copy of the information you require, but in some circumstances, if there is a large volume of information, we may invite you to view the information at the Civic Offices.

We may withhold disclosure of information we hold about you where the law allows. The main reason for exemption will be where the disclosure of information would prejudice the prevention or detection of a crime or the apprehension or prosecution of offenders.

Section 29 of the Data Protection Act 1998 allows the council to share personal data with the police and other investigative agencies without the consent of the data subject, where information is required:

• for the prevention or detection of crime; or
• for the apprehension or prosecution of offenders; or
• for the assessment or collection of tax or duty.

The disclosure of personal information to the police or other agencies is not compulsory, and will only be made where one or more of these circumstances apply and non-disclosure would prejudice an investigation into one of the above, or where the council is served with a Court Order requiring the disclosure of the information.

A copy of our Data Sharing Form for information about another person, for completion and return by post, can be downloaded using the link below.

This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explananation until an investigation is carried out.

The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching to the Audit Commission for each exercise, and these are set out in the Audit Commission's NFI guidance on their website.

The use of data by the Audit Commission is a data matching exercise and is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Audit Commission is subject to a Code of Practice which can be downloaded from their website.

For further information on the Audit Commission's legal powers and the reasons why it matches particular information, see the Audit Commission's Fair Processing page. For further information on data matching at this authority contact Chief Internal Auditor, Brian Bassington on 01992 564446

For further infomation on our approach to your data, please see the rest of our Data protection and privacy page.

Requests for all other types of data, which is not personal information, is dealt with under the provisions of the Freedom of Information Act 2000. For further information please visit our Freedom of Information page.