SUBJECT ACCESS REQUESTS - NEW RIGHTS FOR THE INDIVIDUAL UNDER GDPR

The Right of Individuals to Access your data is now strenghtened, with GDPR taking this further by ushering in Enhanced Rights for Data Subjects and New Obligations on Entities that Hold Personal Data.






Data Subject's Access to Personal Data

The General Data Protection Regulation, or GDPR, states that individuals have the right to ask organisations to confirm whether or not these organisations hold and process their Personal Data. This Personal Data could include your name, identification number, contact details, bank details, race, gender, age, health status, email address, location, online identifier and the like.

Individuals also have the right to access their Personal Data. They may do this in order to challenge the accuracy of such data and to request rectification of any inaccurate data. There are other reasons too, like erasure and data portability.

Erasure, or 'the Right to be Forgotten'

You may have come across this term in the media. There are instances where you may request an organisation to erase or delete your data. For example,
  • Where the data is no longer needed to satisfy the purpose for which it was collected in the first place
  • Where an individual has withdrawn the consent initially given for collection of the data

  • Where the individual has successfully raised an objection to the processing

  • If the data is being processed unlawfully

  • Where the data was collected in relation to the offer of information society services to a child

Data Portability

In some cases, an individual has the right to have his or her data transferred to other organisations. This is where automated processing takes place and the processing is based either on consent from the individual or on a contractual relationship between the individual and the organisation.

Fees

Please note that there may well be instances where we might charge a fee for copies of records, especially where the requests are excessive or incur significant administrative costs to IS Know How.

After you submit your request to us, we’ll get in touch directly with you to progress your Subject Access Request, using the contact details that you’ve provided and including whether or not there will be a request for a SAR Administration Fee.

What Kind of Information Can be Disclosed?

The 'Right of Access' extends to Personal Data which could include your name, identification number, contact details, bank details, race, gender, age, health status, email address, location, online identifier etc.

Any information held on an individual, is likely to be collected, stored and processed via digital or paper filing, database records, interview notes and / or e-mails referring to the individual board member, employees, customers, 3rd party suppliers and research subjects to name but a few.

What are the Timescales?

IS Know How as a Data Controller has 30 days to respond to your request. In certain circumstances we may need extra time to consider your request and can reasonably take up to an extra two months. If we are going to do this, we will let you know within the first 30 days, that we need more time and explain transparently why this is the case.

How to Make a Subject Access Request?

Complete and submit the form below or you may download and print a copy, complete it and then email or fax it as directed on the form.

IS Know How actively advise anybody considering submitting a Subject Access Request, to consult the great resource from the Information Commissioner's Office (ICO) which you can find here: https://ico.org.uk/your-data-matters/

REQUEST FOR ACCESS TO RECORD OF A PRIVATE BODY

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016

Article 15
The Data Subject shall have the right to obtain from the Controller, confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to that Personal Data. See Information Commissioner's Office 'Your Right of Access':
Make sure to hover your mouse over any of the 'Heading Titles', which will reveal further explanatory information for your perusal.
A. Particulars of the Controller from whom you are Requesting Access.
Company Name: Information Security Know How Ltd.
Address: Britannia House, Caerphilly Business Park, Van Road, Caerphilly, Mid Glamorgan, CF83 3GG
Telephone: +44 (0)2921-679-021
Email: HelpDesk@ISKnow.How
B. Particulars of the Living Person making the Subject Access Request.
Invalid Input, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Input, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Input, Please Correct.
C. Particulars of the person on whose behalf the request is being made.?
This section must ONLY be completed, if a request is being made on behalf of another living individual.
Invalid Input, Please Correct.
Invalid Input, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
Invalid Entry, Please Correct.
D. Particulars of the Record(s) being Requested?
Please provide full particulars of the record or records to which Access is requested, including any Reference Number or such other is known to you, to enable the Record(s) being requested to be located. Examples include your Personnel File, Emails between 'A' and 'B' (between certain dates), Registered Member data (Not Passwords), Copies of Statements, or any other that you feel will be assistive to your Subject Access Request.
Invalid Input, Please Correct.
Invalid Entry, Please Correct.
E. Preferred Choice of Our Response(s) to your Access Request?
Invalid Input, Please Correct.
F. Details of the Right(s) that you Wish to Exercise?
Individuals have the Right to Request Access to Information about them that we hold. They also have the Right to Object to Processing of Personal Data that is likely to Cause, or is Causing, Damage or Distress, the Right to Prevent Processing for the Purpose of Direct Marketing, the Right to Object to Decisions being taken by Automated means and, in certain circumstances, have Inaccurate Personal Data Rectified, Blocked, Erased or Destroyed. They also have the Right to Lodge a Complaint with a Supervisory Authority.
Invalid Input, Please Correct.
Invalid Input, Please Correct.
Invalid Input, Please Correct.
Invalid Input, Please Correct.
Invalid Input, Please Correct.
G. Fee's Statement
Dependant upon the type of Request and the Total Number of Records Requested, we may Charge Certain Fees to be in a position to Service the Request. Please Contact Us Directly should you have any query with Regards to Fees by Emailing Data-Protection@ISKnow.How Where requests from a Data Subject are Manifestly Unfounded or Excessive, in particular because of their Repetitive Character, the Controller may either Charge a Reasonable Fee; taking into Account the Administrative Costs of Providing the Requested Information, or Communication, or Taking the Action as Requested; or Refuse to Act on the Request. The Controller shall bear the Burden of Demonstrating the Manifestly Unfounded or Excessive Character of the Request.
Invalid Input
In order to submit this Enquiry, you are asked to positively consent - or we cannot process your request. Please consider your choice and amend as necessary.
In order to submit this Enquiry, you are asked to positively consent - or we cannot process your request. Please consider your choice and amend as necessary.

Changes to these Subject Access Requests

We may alter this Subject Access Request at any time. If We do so, details of the changes will be highlighted at the top of this page and Any such changes will become binding.  You are therefore advised to check this page from time to time.

This Policy has been approved and authorised by:

Name:

Mr Robert Stones

Position:

Doc Version:

Data Protection Officer

1.0

Date:

25th May 2018

Due for Review by:

25th May 2019

Further Information

If you would like to know more about how IS Know How deals with Subject Access Requests, please contact Us by telephone on 02921-679-021, or by post at Britannia House, Caerphilly Business Park, Van Road, Caerphilly, Wales, UK CF83 3GG.

For more details of the personal data that We Collect, Store and Process, the measures we have in place to protect personal data, your legal rights, and our legal obligations, please refer to our;

NEWSLETTER