Under the EU General Data Protection Regulation (GDPR) which became enforcable May 25th 2018, you have the right to find out if an organisation is using or storing your personal data. This is called the 'Right of Access'. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘Subject Access Request’.
Erasure, or 'the right to be forgotten'
Not forgetting this aspect of GDPR, there are instances where you may request an organisation to erase or delete your data. For example,
- Where the data is no longer needed to satisfy the purpose for which it was collected in the first place.
- Where an individual has withdrawn the consent initially given for collection of the data.
- Where the individual has successfully raised an objection to the processing.
- If the data is being processed unlawfully.
You can make a Subject Access Request to find out what data is held and how it is used. You may also make a Subject Access Request before exercising your other information rights.
1. How Much Does It Cost?
Please note that there may well be instances where we might charge a fee for copies of records, especially where the requests are excessive or incur significant administrative costs to IS Know How.
After you submit your request to us, we’ll get in touch directly with you to progress your Subject Access Request, using the contact details that you’ve provided and including whether or not there will be a request for a SAR Administration Fee.
2. What Kind of Information Can Be Disclosed?
The 'Right of Access' extends to Personal Data which could include your name, identification number, contact details, bank details, race, gender, age, health status, email address, location, online identifier etc.
Any information held on an individual, is likely to be collected, stored and processed via digital or paper filing, database records, interview notes and / or e-mails referring to the individual board member, employees, customers, 3rd party suppliers and research subjects to name but a few.
IS Know How actively advise anybody considering submitting a Subject Access Request, to consult the great resource from the Information Commissioner's Office (ICO) which you can find here:
3. What Are The Timescales?
IS Know How as a Data Controller has 30 days to respond to your request. In certain circumstances we may need extra time to consider your request and can reasonably take up to an extra two months. If we are going to do this, we will let you know within the first 30 days, that we need more time and explain transparently why this is the case.
4. How Do I Submit A Subject Access Request?
To assist IS Know How in complying with the statutory timescales within GDPR, we require such Subject Access Requests to made in writing and accompanied by the required and relevant formal identification.
Should you wish to submit a request, you should do so by completing the form below:
This form will provide ISKH with the necessary information that we need to deal with your request. Upon receipt of your submitted SAR form, ISKH will create a new 'Subject Access Request Received' ticket via our HelpDesk.
Then simply proceed with the dialogue between us. If you create an enquiry ticket, please select;
Guest Data Protection Enquiries > Data Protection Subject Access Request' then 'Open New Ticket'.
Finally, make sure to also attach and upload the required proof of identity, as outlined in the Subject Access Request form.
5. Changes to this Subject Access Request
5.1 We may alter this Subject Access Request at any time. If We do so, details of the changes will be highlighted at the top of this page and Any such changes will become binding. You are therefore advised to check this page from time to time.
5.2 This Policy has been approved and authorised by:
Mr Robert Stones
Data Protection Officer
25th May 2018
Due for Review by:
25th May 2019
6. Further Information
6.1 If you would like to know more about how IS Know How deals with Subject Access Requests, please contact Us at , by telephone on 02921-679-021, or by post at Britannia House, Caerphilly Business Park, Van Road, Caerphilly, Wales, UK CF83 3GG.
6.2 For more details of the personal data that We Collect, Store and Process, the measures we have in place to protect personal data, your legal rights, and our legal obligations, please refer to our;