Good explanation and well balanced between the needs of a 'data controller' and 'data subject'. This is a vital topic that more people need to understand in order to create more transparent data architecture. Let the light in, I say!
You need to do a subject access request to each organization. You can send the same letter. Keep it simple, provide your details and explain that you’d like a copy of your records under as per your right under the GDPR. They may ask for confirmation of ID or dates. I’d also title your email Subject Access Request. Good luck
I was refused my SARS from the care home my mother was in. The CEO of the we care group told me I know nothing about the law and will only deal with me through solicitors. I told him what I was entitled to and they have 28 days to respond which they had not.
As long as you had either appropriate power of attorney or written permission to act on your mothers behalf, the request should not have been refused. In instances such as this, I always recommend being clear, providing what documentation you have and if all else fails, talking to the ICO as they can help you.
It very much depends on the circumstances. Most searches in an employment context are carried out without people knowing but if the data relates to an opinion or comment formed about you by someone else, there are situations where that persons consent may be sought before it is released to you.
@@lishkaheaney7324 My understanding is that it is illegal for a company/an organisation to delete data collected in the course of its normal business, even (or maybe especially!) once in receipt of a DSAR. I got this info from the ICO website which is user-friendly, in plain English and informative. It is prudent to remind the entity who holds the info when requesting DSAR and refer them to the IOC website. The requirement for a company to hold records is also a requirement under Company Law, so that may need a gentle reminder too. Good luck!
Good explanation and well balanced between the needs of a 'data controller' and 'data subject'. This is a vital topic that more people need to understand in order to create more transparent data architecture. Let the light in, I say!
Regardless of how well you might know or preach about a subject, there is always more to learn - thanks Rich
High praise indeed, thanks Phil!!
Thanks so much Rich, really useful to hear this
Thank you for the inspiration for the episode! :)
Excellent explanation!
Thank you!
I loved the video, so insightful!
Thank you!
Many thanks Rich > appreciated
How do i get all data held on record held about me examples prison doctors work schools etc
You need to do a subject access request to each organization. You can send the same letter. Keep it simple, provide your details and explain that you’d like a copy of your records under as per your right under the GDPR. They may ask for confirmation of ID or dates. I’d also title your email Subject Access Request. Good luck
I was refused my SARS from the care home my mother was in. The CEO of the we care group told me I know nothing about the law and will only deal with me through solicitors. I told him what I was entitled to and they have 28 days to respond which they had not.
As long as you had either appropriate power of attorney or written permission to act on your mothers behalf, the request should not have been refused. In instances such as this, I always recommend being clear, providing what documentation you have and if all else fails, talking to the ICO as they can help you.
Thank you.
If the data I require is from a third person ( ie a colleague) will they know?
It very much depends on the circumstances. Most searches in an employment context are carried out without people knowing but if the data relates to an opinion or comment formed about you by someone else, there are situations where that persons consent may be sought before it is released to you.
@@iSTORMDiaries can you tell me what stops an employee from deleting the texts/emails after you've asked for data subject access?
@@lishkaheaney7324 My understanding is that it is illegal for a company/an organisation to delete data collected in the course of its normal business, even (or maybe especially!) once in receipt of a DSAR. I got this info from the ICO website which is user-friendly, in plain English and informative. It is prudent to remind the entity who holds the info when requesting DSAR and refer them to the IOC website. The requirement for a company to hold records is also a requirement under Company Law, so that may need a gentle reminder too. Good luck!