General Data Protection Regulations (GDPR):
Compliance with GDPR
Compliance with the data protection principles
Onchan District Commissioners must comply with the principles relating to processing personal data, irrespective of whether an entry in the register of controllers and processors is required or not.
The principles can be found in Article 5 of the Applied GDPR and are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
There is an overarching principle of accountability, and controllers must be able to demonstrate how they comply with the principles.
Further guidance on the data protection principles is on the Information Commissioners' website.
Compliance with the rights of individuals
Individuals have many rights under the data protection legislation; one of the most commonly exercised, the right of access to personal data, is explained briefly below.
This right can be exercised at any time by an individual. A written request, a “subject access request”, can be made and could extend to any records, correspondence, emails or CCTV images, about that
individual. Controllers are required to provide that individual with a copy of their personal data in within a strict timeframe.
Comprehensive guidance on dealing with a “subject access request”, and on the other rights, is on the website.
Information taken from the Isle of Man's Information Commissioners' Website