Privacy Rights Guidance
Logging and tracking requests
Your organisation logs receipt of all verbal and written requests from individuals and updates the log to track the handling of each request.
Resources
You have appropriate resources in place to handle requests from individuals about their personal information.
Errors or Omissions
Your organisation has appropriate systems and procedures to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary.
Timely responses
You deal with requests from individuals in a timely manner that meets individual expectations and statutory timescales.
Monitoring and evaluating performance
Your organisation monitors how your staff handle requests and you use that information to make improvements.
Informing individuals & identifying requests
You inform individuals about their rights and all team members are aware of how to identify and deal with both verbal and written requests.
Privacy Concerns & Complaints
Your organisation has procedures to recognise and respond to individuals' complaints about information privacy & protection, and individuals are made aware of their right to complain.
Data portability
Individuals are able to move, copy or transfer their personal information from your organisation to another securely, without affecting the data.
Restriction
Your organisation has appropriate methods and procedures in place to restrict the processing of personal information, if required.
Erasure
You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.
Rights related to automated decision-making and profiling
Your organisation can protect individual rights related to automated decision-making and profiling, particularly where the processing is solely automated with legal or similarly significant effects.