When an individual or an organisation collects information on people they have a duty to keep those details private and safe. Individuals have rights relating to how their details are acquired and how they are used. Persons whose data is stored are called "Data Subjects", and persons who control the data are "Data Controllers".
Factually correct and complete
Kept safely and securely
Only used for a purpose that a Data Subject consented to
Be kept for no longer than it is needed for the consented use
Available to only those who should have it
Available to the Data Subject for inspection
- A person has a right to be removed from an organisation’s mailing lists on request, without reason.
- An individual can request a copy of all of their personal data held by a Data Controller, and this can include their employer or even a prospective employer.
- An individual can sue for damages resulting from a breach their Data Protection rights.
A request for information to an organisation is to be in writing, a fee of €6.35 is the maximum a Data Controller can charge and the Data Controller has 40 days to comply. Further to this a Data Subject may request details of for whom and why the Data Controller is collecting their data.
If the information held is inaccurate a Data Subject can request that a Data Controller amends it. If there is no valid reason for holding the data they can request its removal.
Any breaches in Data Protection rights can be referred to the Data Protection Commissioner who is obliged to investigate the complaint, unless it is deemed vexatious.
Data requests can be a good tool in preparation for litigation, as it is cheaper and easier than going through a laborious discovery process, so it is important that an organisation’s data protection policy is kept in good order.
For further information please contact us on 01 6770335 or at firstname.lastname@example.org.