What is GDPR?
The European Union General Data Protection Regulation (GDPR) is an overhaul of the previous Data Protection Directive, designed to give a consistent, standardised approach to the collection and use of of personal information across all European Union Member States. In each country has it’s own Supervisory Authority and in the U.K. this is the Information Commissioners Office (ICO) https://ico.org.uk/
What GDPR mean for me ?
Anybody (or company) responsible for collecting, controlling or processing your personal data will now be required to ensure there is a lawful reason for collection and processing it. Where you consent to your data being collected, your consent should also be freely and easily retracted. Controllers or Processors of your personal data need to ensure that only the necessary data required from you and that is retained and only for as long as it is required. Under normal circumstances, you have the right to access your data and you have the right to have it corrected, sent to you or deleted.
The sharing your personal data is also restricted. Your explicit consent being required if they wish to share your data with others or use it for any other purpose than it was originally collected (unless other lawful reasons for sharing the data apply, e.g. criminal activity or to act in your best interests).
Your rights in detail, GDPR and us at 101 IT
The right to be informed:
You have a right to understand when your personal data is being held and processed, even when this has been obtained indirectly.
The right of access:
You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing, this is via a Subject Access Request (see below).
The right to rectification:
Your data can be easily rectified if inaccurate, incomplete or out of date etc. This can be done by submitting a written request to us.(see below).
The right to erasure:
Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.
The right to restrict processing:
Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions.
Where data is restricted, 101 IT shall, where possible, also inform any involved 3rd parties of the restriction.
The right to data portability:
You can request personal data to be provided in order to reuse elsewhere and/or moved from one IT environment to another in a secure manner without hindrance. Please send your request in writing as per the below instructions.
The right to object:
Where processing of your data is taking place under certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.
Rights in relation to automated decision making and profiling:
Automated decision making, and profiling can only take place where consent or a lawful reason apply. Processors are also required to notify you when your data is processed by automated means and provide information about the processing and lawful reason for doing so. It should be straightforward for you to challenge or request intervention.
Accessing my Data – Subject Access Request
If you wish to make a request to access the personal data we hold, you must provide the following:
Application in writing – You will need to make a request in writing to DPO, 101 IT, 4100 Park Approach, Leeds LS15 8GB or via email to firstname.lastname@example.org
Proof of identity – You will need to provide proof of identity as part of your application. Please provide contact telephone numbers your identity will need to be confirmed via a callback from a member of our team for data protection purposes
Please include in your application:
The specific data you wish to access.
If you wish to apply to restrict, rectify, port, object or request erasure of your data, please submit your request in writing as above also including the qualifying circumstances that apply.
Please note in order to validate your request we will need to verify your identity for data protection purposes and where relevant, confirm the qualifying criteria.
Following Identity Verification 101 IT will provide the information and lawful basis for processing your data within one month of receipt. This will be in a format that is concise and intelligible and at no cost to you*
*We reserve the right to charge an administrative fee or refuse to respond for repeat, excessive and unfounded requests.