Data Protection Policy

9. Rights of individuals under the GDPR

9.1 The GDPR gives people rights in relation to how organisations process their personal data. Everyone who holds personal data on behalf of the IAP needs to be aware of these rights. They include (but are not limited to) the right:

• (a) to request a copy of any personal data that we hold about them (as data controller), as well as a description of the type of information that we are processing, the uses that are being made of the information, details of anyone to whom their personal data has been disclosed, and how long the data will be stored (known as subject access rights);
• (b) to be told, where any information is not collected from the person directly, any available information as to the source of the information;
• (c) to be told of the existence of automated decision-making;
• (d) to object to the processing of data where the processing is based on either the conditions of public interest or legitimate interests;
• (e) to have all personal data erased (the right to be forgotten) unless certain limited conditions apply;
• (f) to restrict processing where the individual has objected to the processing;
• (g) to have inaccurate data amended or destroyed; and
• (h) to prevent processing that is likely to cause unwarranted substantial damage or distress to themselves or anyone else.

Click on the links below for other sections of the IAP Data Protection Policy:

1. Purpose of the policy

2. About this policy

3. Definitions of data protection terms

4 Data protection principles

5. Processing data fairly and lawfully

6. Processing data for the original purpose

7. Personal data should be adequate and accurate

8. Not retaining data longer than necessary

9. Rights of individuals under the GDPR

10. Data security

11. Transferring Data Outside the EEA

12. Processing sensitive personal data

13. Notification

14. Monitoring and review of the policy