Data protection is the means by which the privacy rights of individuals are safeguarded in relation to the processing of their personal data. The General Data Protection Regulation under the EU Data Protection Directive confer rights to individuals as well as placing responsibilities on entities processing personal data. The requirements of the General Data Protection Regulation under the EU Data Protection Directive apply to all legal entities within Irish jurisdiction whether Government, private, voluntary or charitable, that controls personal data.
The Regulations place obligations on such entities in terms of how they process personal data. One of these obligations is to give a person a copy of their personal data on request. This right to access personal data is subject to very limited exemptions. For further details, please refer to: www.dataprotection.ie
As a data controller TII has the following responsibilities in relation to personal data
- Obtain and process the information fairly;
- Keep it only for one or more specified and lawful purposes;
- Process it only in ways compatible with the purposes for which it was given to you initially;
- Keep it safe and secure;
- Keep it accurate and up-to-date;
- Ensure that it is adequate, relevant and not excessive;
- Retain it no longer than is necessary for the specified purpose or proposes; and
- Give a copy of his/her personal data to any individual, on request.
Under the General Data Protection Regulations, each person has the right to data protection when their details are:
- Held on a computer;
- held on paper or other manual form as part of a filing system; and
- Made up of photographs or video recordings of your image or recordings of your voice.
How to make a Subject Access Request
Should an individual request access to their personal information that the TII holds, under the EU Data Protection Directive, they have a right to find out
- If the TII holds information pertaining to them;
- To be given a description of such information;
- To be told the purpose(s) for holding such information;
- To get a copy of their personal information in full;
- To know where the information was obtained;
- How has their information been used; and
- If the information has been passed on to anyone else.
The request must be made in writing; for example:
“I wish to make an access request under the General Data Protection Regulation for a copy of any information you keep about me, on computer or in manual form. I am making this request under the EU Data Protection Directive”
Each subject access request carries a charge of €6.35. The data controller is entitled to ask for evidence of identity. Once the request, fee and proof of identity have been received we will forward the data we hold to you as soon as possible and in any event not more than 40 days after receipt of valid request.