Riverside Surgery

Dr Swindlehurst & Partners - Seduli ad Curandum - Committed to Care
Tel: (01386) 444400

Freedom of Information Act 2000 & Data Protection Act 2018

Freedom of Information Act 2000

The Freedom of Information (FOI) Act was passed on 30th November 2000.  It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005.  The Act sets out exemptions to that right and places certain obligations on public authorities.

FOI replaced the Open Government Code of Practice, which has been in operation since 1994.

The Data Protection Act 2018

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offences.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests

Data Protection and FOI – how do the 2 interact?

The Freedom of Information Act and the Data Protection Act are the responsibility of the Lord Chancellor’s Department. A few of its strategic objectives being:

  • To improve people’s knowledge and understanding of their rights and responsibilities
  • Seeking to encourage an increase in openness in the public sector
  • Monitoring the Code of Practice on Access to Government Information
  • Developing a data protection policy which properly balances personal information privacy with the need for public and private organisations to process personal information.

The Data Protection Act does not give third parties rights of access to personal information for research purposes.

The FOI Act does not give individuals access to their personal information, though if a request is made, the Data Protection Act gives the individual this right.  If the individual chooses to make this information public it could be used alongside non-personal information gained by the public under the terms of the FOI Act.