Page 14 - Service Level Agreement (SLA)
P. 14

7. GDPR (General Data Protection Regulation)

                       1.  The EU GDPR (General Data Protection Regulation) gives individuals eight rights
                          relating to their personal data. Organizations must let individuals know how they
                          can exercise these rights and meet requests promptly. Failure to do so is a
                          violation of the GDPR and could lead to disciplinary action. But first, what is a
                          data subject?
                       2.  Organizations need to tell individuals what data is being collected, how it’s being
                          used, how long it will be kept and whether it will be shared with any third parties.
                          This information must be communicated concisely and in plain language.
                       3.   Individuals can submit subject access requests, which oblige organizations to
                          provide a copy of any personal data they hold concerning the individual.
                          Organizations have one month to produce this information, although there are
                          exceptions for requests that are manifestly unfounded, repetitive or excessive.
                       4.  If an individual discovers that the information an organization holds on them is
                          inaccurate or incomplete, they can request that it be updated. As with the right of
                          access, organizations have one month to do this, and the same exceptions apply.
                       5.  Individuals can request that organisations erase their data in certain circumstances,
                          such as when the data is no longer necessary, the data was unlawfully processed, or it
                          no longer meets the lawful ground for which it was collected. This includes instances
                          where the individual withdraws consent.
                       6.  The right to erasure is also known as ‘the right to be forgotten’.
                       7.  Individuals can request that an organisation limits the way it uses personal data. It’s
                          an alternative to requesting the erasure of data, and might be used when an
                          individual contests the accuracy of their personal data or when they no longer need
                          the information but the organisation requires it to establish, exercise or defend a
                          legal claim.
                       8.  Individuals are permitted to obtain and reuse their personal data for their own
                          purposes across different services. This right only applies to personal data that an
                          individual has provided to data controllers by way of a contract or consent.
                       9.  Individuals can object to the processing of personal data that is collected on the
                          grounds of legitimate interests or the performance of a task in the interest/exercise
                          of official authority. Organisations must stop processing information unless they can
                          demonstrate compelling legitimate grounds for the processing that overrides the
                          interests, rights and freedoms of the individual or if the processing is for the
                          establishment or exercise of defence of legal claims.
                       10. The GDPR includes provisions for decisions made with no human involvement, such
                          as profiling, which uses personal data to make calculated assumptions about
                          individuals. There are strict rules about this kind of processing, and individuals are
                          permitted to challenge and request a review of the processing if they believe the
                          rules are not being followed.

                                                            14/19

                                             1 Hutton Street, Standish, Wigan WN1 2XD
                                                     Company Number 08233588
   9   10   11   12   13   14   15   16   17   18   19