Page 66 - EQA Employee Handbook

7.5.2. Where no such contract exists, data processor agreements are sought and maintained
               between EQA (Ireland) and any outstanding third-party contractors. In fulfilling this, EQA (Ireland)
               may refer to a template Data Processor Agreement (Doc. No. DPA 1) which addresses the
               requirements of Article 28 of the GDPR.

               7.5.3. Signed data processor agreements shall be retained in the Chief Executive’s ‘Contracts’ folder.
               7.6 Data Access Requests
               7.6.1. The data subject has the right to know and obtain communication relating to the following, all
               of which is documented within the personal data inventory:

                   •  The nature of the personal data;
                   •  The purposes for which the personal data is processed;
                   •  The period for which the personal data is processed;
                   •  The recipients of the personal data;
                   •  Whether the personal data has been or will be transferred outside of the European Union;
                   •  The logic involved in any automatic personal data processing and automated decision
                       making and, when based on profiling, the consequences of such data processing;
                   •  The right to request rectification or deletion of the personal data;
                   •  The right to make a complaint to the Data Protection Commissioner.

               7.6.2. It is the responsibility of EQA (Ireland) senior management to ensure the proper and timely
               review and granting of data access requests. The granting of access requests can only be authorised
               by a director of EQA (Ireland).
               7.6.3. All documented information regarding the receipt of data access requests and the subsequent
               decision made towards granting said access shall be retained in an appropriately designated folder
               within the following Server directories.

                        Data Subject              Location

                        EQA Employee              \\SERVER\Administration\Data Protection Act\Data Access Requests
                        EQA Client*               \\SERVER\Correspondence\Certificates X to Y\Cert N
                        EQA Assessor              \\Server\eqa qms\Assessors\ASSESSOR_NAME\
                        EQA Technical Advisor     \\Server\eqa qms\Advisory Board\ADVISOR_NAME
                        EQA Governing Board       \\Server\eqa qms\Governing Board
                        Other                     \\SERVER\Administration\Data Protection Act\Data Access Requests

               * In terms of a data access request, an EQA Client is any past or present employer or employee of an
               organisation listed on EQA’s database of clients (including Active, Suspended, Withdrawn or
               Prospects).




