We need to comply with the Data Protection Act 2018 and UK General Data Protection Regulations (UK GDPR). This policy has been developed to ensure all staff, contractors and partners understand their obligations when processing personal and special category data.
This policy and the legislation apply to all personal data, both that held in paper files and electronically. So long as the processing of the data is carried out for council purposes, it applies regardless of where data is held.
‘Processing’ data is widely defined and includes obtaining, recording, keeping, or using it in any way; sharing or disclosing it; erasing and destroying it.
How to complain about how we use your personal data
Under the Data (Use and Access) Act 2025, you have the right to complain if you are worried about how Luton Council has used your personal information, or if you think your data has been lost, shared, or used in the wrong way.
How to make a complaint
Tell us:
- what your concern is
- enough details to help us find your information, such as account or reference numbers
Email: dataprotection@luton.gov.uk
When to contact us
You should contact us within three months of your last important contact with the Council. We may not look into complaints made after this time.
What happens next
Your complaint will be looked at by the Information Governance team. They will:
- record your complaint and confirm they have received it within 30 days
- investigate and reply to you as soon as possible, usually within one month
If we need more time, we will let you know and explain why.
For serious complaints, a senior officer called the data protection officer may also review the case.
If you are not happy with our response
If you are not satisfied, you can contact the Information Commissioner’s Office (ICO). The ICO is the UK organisation that makes sure data protection laws are followed.