General Data Protection Regulation
Thursday 17 May 2018
The General Data Protection Regulations (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. GPDR came into effect across the EU on 25 May 2018 and will be replaced in the UK in the future by a new UK Data Protection Act.
The purpose of GDPR is to provide a set of standardised data protection laws across all the member countries. The principles are similar to those of the Data Protection Act 1998, with added detail at certain points promoting accountability and transparency.
Right to be Informed
Please see our privacy notices for each Optalis service which set out how we collect, use your personal information and how long we keep it for.
You are able to find out what information we hold about you, and to verify how it's being used. We are able to refuse requests when they are manifestly unfounded or excessive, in particular because they are repetitive. We can also charge a reasonable fee in these circumstances; otherwise, there is no fee involved.
What if information about me is inaccurate?
If you are aware of any information that we hold about you is inaccurate or incomplete, please notify us of this and provide what needs rectifying and any evidence that supports the changes needed.
What if I want information to be deleted or restricted?
You have the right to have personal information erased in certain circumstances. You may know of this as the 'right to be forgotten' or 'right to erasure'. If information cannot be deleted, then we may restrict the processing of the information instead.
How long do you have to comply with my request?
We have 1 month from the date of receipt to issue a response, and either release the information to you, make the changes required, or inform you as to why we are unable to comply. In complex cases we can extend this by 2 months but we will inform you within the 1 month period. Until further guidance is published, we consider 1 month to equate to 30 days.
To find out more about data protection see the Information Commissioner's Office website.
If you have any queries about GDPR / Data Protection, please contact our Data Protection Officer (email@example.com)