Data Protection Policy

9. Rights of individuals under the GDPR

9.1 The GDPR gives people rights in relation to how organisations process their personal data. Everyone who holds personal data on behalf of the IAP needs to be aware of these rights. They include (but are not limited to) the right:

  • (a) to request a copy of any personal data that we hold about them (as data controller), as well as a description of the type of information that we are processing, the uses that are being made of the information, details of anyone to whom their personal data has been disclosed, and how long the data will be stored (known as subject access rights);
  • (b) to be told, where any information is not collected from the person directly, any available information as to the source of the information;
  • (c) to be told of the existence of automated decision-making;
  • (d) to object to the processing of data where the processing is based on either the conditions of public interest or legitimate interests;
  • (e) to have all personal data erased (the right to be forgotten) unless certain limited conditions apply;
  • (f) to restrict processing where the individual has objected to the processing;
  • (g) to have inaccurate data amended or destroyed; and
  • (h) to prevent processing that is likely to cause unwarranted substantial damage or distress to themselves or anyone else.