TfGM and the Data Protection Act

The Data Protection Act 1998 came into force on the 1st March 2000 and is the key piece of legislation governing the protection and use of personal data. The Act only applies to personal data which identifies living persons and does not apply to information relating to the deceased. The Act also provides for the regulation of the processing of such personal information including the obtaining, holding, use of or disclosure of such information. TfGM holds personal data and is thereby subject to those provisions and has to abide by the eight principles of the Data Protection Act which are:

Personal data shall be:-
  1. Processed fairly and lawfully.
  2. Processed only for specified, lawful and compatible purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate and where necessary, kept up to date.
  5. Kept for no longer than necessary.
  6. Processed in accordance with the rights of the data subject.
  7. Kept secure.
  8. Transferred outside the European Economic area only if there is adequate protection.
Individuals in respect of their own personal data held by TfGM have certain rights, which are:-
  1. Rights of subject access.
  2. Right to prevent processing likely to cause unwarranted, substantial damage or distress.
  3. Right to prevent processing for the purposes of direct marketing.
  4. Right in relation to automated decision making.
  5. Right to take action for compensation if the individual suffers damage.
  6. Right to take action to rectify, block, erase or destroy inaccurate data.
  7. Right to make a request for the Information Commissioner for an assessment to see any provision of the Act has been contravened.
One of the pivotal provisions of the Act is the right of subject access. It is the means by which individuals are able to check whether the data about themselves is correct and whether it is being processed in accordance with the data protection principles. It also provides the opportunity for the exercise of further rights such as seeking the rectification of inaccurate data. Requests for access to records and for other information about those records are known as ‘Subject Access Requests’. Personal data may take the form of computerised or in some cases paper records.
Individuals who wish to contact TfGM for subject access purposes are asked to complete the Subject Access Request Form.
TfGM will then have 40 days from receipt of the form to comply with the request, provided that TfGM are satisfied as to the identity of the person making the request and have sufficient information to enable them to locate the information requested.
Data Protection is complex and we are unable to provide in depth information on the legislation within this site. Further information and guidance is provided by the Information Commissioner who has a supervisory and enforcement role in relation to the Act.
For Data Protection requests or further information about Data Protection at TfGM, please write to: Information Manager, 2 Piccadilly Place, Manchester, M1 3BG, or email - data.protection@tfgm.com