Associate Handbook 2018

Rights of Data Subjects

As a Data Subject and an Associate of the Company, Associates should be aware of the rights of individuals. Under the GDPR an individual is entitled to be informed, by the Data Controller, of the following:

the identity of the Data Controller



 the purpose or purposes for which the data are intended to be processed; and

 any other information, which is necessary to enable the particular processing to be fair

 This information must be made available to the individual when the personal data is obtained, whether or not data was obtained from the data subject. The Act also gives Data Subjects rights to control the way their personal information is used, including the following;

the right to find out what information is held about them on computer and in some paper records. This is called the right of subject access;



 the right to prevent personal data being processed if it is likely to cause someone to suffer substantial damage or distress;

 the right to require the Data Controller not to use their personal data to market them with products, services or ideas;

 the right to prevent decisions being taken about them, which are based solely on automatic processing;

the right to have information amended or destroyed; and



 the right to compensation for suffered damage and distress as a result of a data controller failing to comply with the act.

Under the 1998 Act the Data Subject is entitled to be given, within 30 days of the request, a description of;

the data being processed;



the purposes for which it is processed;



any potential recipients of data; and



any information as to the source of the data (where available).



In certain circumstances individuals are denied their access rights, including the following situations;

 where the Data Controller would be obliged to disclose the personal data of another individual;