Privacy Rights Guidance

Logging and tracking requests

Your organisation logs receipt of all verbal and written requests from individuals and updates the log to track the handling of each request.

Resources

You have appropriate resources in place to handle requests from individuals about their personal information.

Errors or Omissions

Your organisation has appropriate systems and procedures to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary.

Timely responses

You deal with requests from individuals in a timely manner that meets individual expectations and statutory timescales.

Monitoring and evaluating performance

Your organisation monitors how your staff handle requests and you use that information to make improvements.

Informing individuals & identifying requests

You inform individuals about their rights and all team members are aware of how to identify and deal with both verbal and written requests.

Privacy Concerns & Complaints

Your organisation has procedures to recognise and respond to individuals' complaints about information privacy & protection, and individuals are made aware of their right to complain.

Data portability

Individuals are able to move, copy or transfer their personal information from your organisation to another securely, without affecting the data.

Restriction

Your organisation has appropriate methods and procedures in place to restrict the processing of personal information, if required.

Erasure

You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.

Rights related to automated decision-making and profiling

Your organisation can protect individual rights related to automated decision-making and profiling, particularly where the processing is solely automated with legal or similarly significant effects.