The General Data Protection Regulations (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. GPDR came into effect across the EU on 25 May 2018 and will be replaced in the UK in the future by a new UK Data Protection Act.
The purpose of GDPR is to provide a set of standardised data protection laws across all the member countries. The principles are similar to those of the Data Protection Act 1998, with added detail at certain points promoting accountability and transparency.
Right to be Informed
Please see our privacy notices for each Optalis service which set out how we collect, use your personal information and how long we keep it for.
Freedom of Information (FOI)
The Freedom of Information Act 2000 provides public access to information held by public authorities, including Optalis. Public authorities are obliged to publish information about their activities; and members of the public are entitled to request information from public authorities. Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.
The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. A subject access request under the Data Protection Act is needed to obtain this, and can do so by contacting our Data Subject Access Request Team via email@example.com For FoI requests, please contact FOIrequests@Optalis.org. Please read the information below.
Data Subject Access Requests
You are able to find out what information we hold about you, and to verify how it's being used. We are able to refuse requests when they are manifestly unfounded or excessive, in particular because they are repetitive. We can also charge a reasonable fee in these circumstances; otherwise, there is no fee involved. Please contact our Data Subject Access Request Team via firstname.lastname@example.org.
What if information about me is inaccurate?
If you are aware of any information that we hold about you is inaccurate or incomplete, please notify us of this and provide what needs rectifying and any evidence that supports the changes needed.
What if I want information to be deleted or restricted?
You have the right to have personal information erased in certain circumstances. You may know of this as the 'right to be forgotten' or 'right to erasure'. If information cannot be deleted, then we may restrict the processing of the information instead.
How long do you have to comply with my request?
We have 1 month from the date of receipt to issue a response, and either release the information to you, make the changes required, or inform you as to why we are unable to comply. In complex cases we can extend this by 2 months but we will inform you within the 1 month period. Until further guidance is published, we consider 1 month to equate to 30 days.
To find out more about data protection see the Information Commissioner's Office website.
If you have any queries about GDPR / Data Protection, please contact our Data Protection Team on DPA@Optalis.org