Protection of Personal Data
Protection of personal data is a fundamental right set out in Article 8 of the EU Charter of Fundamental Rights:
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.
General Data Protection Regulation (the GDPR)
The General Data Protection Regulation (the GDPR) is designed to give individuals more control over their personal data. The Credit Review Office became subject to the GDPR on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
Individual Rights under General Data Protection Regulation
Under the GDPR, individuals have the following rights:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling
Click here for a link to the Data Protection Commission’s publication Rights of Individuals under the GDPR.
Definition of Personal Data
The term “personal data” means any information relating to a living person who is identified or identifiable (such a person is referred to as a “data subject”).
A person is identifiable if they can be identified directly or indirectly using an “identifier”. The GDPR gives examples of identifiers, including names, identification numbers, and location data. A person may also be identifiable by reference to factors which are specific to their identity, such as physical, genetic or cultural factors.
How to submit a subject access request to Credit Review under the General Data Protection Regulation
You can submit a subject access request in writing by post or by email to:
Catherine Collins Data Protection Officer Credit Review Office
Eastpoint Business Park
email@example.com (please type FAO DPO in subject line of email)
Telephone: lo-call 1850211789
Your request should include the following:
- A statement that the request is being made under the General Data Protection Regulation
- As much information as possible about the subject matter of the access request
- In what format you wish to receive any records released (e.g. photocopies or electronically).
Proof of ID is required to process subject access requests, e.g. driver’s license or passport. Please note depending of the nature of the request additional ID maybe required. The Credit Review Office’s Data Protection Officer will discuss this requirement for additional ID if required prior to the request being processed.
Response time to a subject access request
Your subject access request will be acknowledged within five working days. A response to your request will be given no later than a month of receipt of the request. The one-month period may be extended by two further months, where necessary, taking into account the complexity and number of requests. In this case, the Credit Review Office shall inform you of any extension within one month of receipt of the request and the reasons for the delay.
If the Credit Review Office does not take action on foot of your request, The Credit Review Office must inform you without delay and, at the latest, within one month of receipt of your request, of:
- The reasons for not taking action;
- Your right to lodge a complaint with a supervisory authority and seek a judicial remedy.
Cost of submitting a subject access request
Your request will be dealt with free of charge. However, where requests from a data subject are considered ‘manifestly unfounded or excessive’ (for example where an individual continues to make unnecessary repeat requests or the problems associated with identifying one individual from a collection of data are too great) the Credit Review Office may:
- Charge a reasonable fee, taking into account the administrative costs of providing the information/ taking the action requested; or
- Refuse to act on your request.
Where the Credit Review Office refuses to respond to an access request or to charge a fee on this basis, the Credit Review Office shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Catherine Collins Data Protection Officer
Credit Review Office
Eastpoint Business Park
firstname.lastname@example.org (please put ‘FAO DPO’ in subject line)
Telephone: local 1850 211789