Page 71 - EQA Employee Handbook Feb 2020 v1
P. 71

•  Where no such contract exists, data processor agreements are sought and maintained
                       between EQA (Ireland) and any outstanding third-party contractors. In fulfilling this, EQA
                       (Ireland) may refer to a template Data Processor Agreement (Doc. No. DPA 1) which
                       addresses the requirements of Article 28 of the GDPR.

                     Signed data processor agreements shall be retained in the Chief Executive’s ‘Contracts’ folder.
               7.6 Data Access Requests
               The data subject has the right to know and obtain communication relating to the following, all of
               which is documented within the personal data inventory:

                   •  The nature of the personal data;
                   •  The purposes for which the personal data is processed;
                   •  The period for which the personal data is processed;
                   •  The recipients of the personal data;
                   •  Whether the personal data has been or will be transferred outside of the European Union;
                   •  The logic involved in any automatic personal data processing and automated decision
                       making and, when based on profiling, the consequences of such data processing;
                   •  The right to request rectification or deletion of the personal data;
                   •  The right to make a complaint to the Data Protection Commissioner.

               It is the responsibility of EQA (Ireland) senior management to ensure the proper and timely review
               and granting of data access request. The granting of access requests can only be authorised by a
               director of EQA (Ireland).

               All documented information regarding the receipt of data access requests and the subsequent
               decision made towards granting said access shall be retained in an appropriately designated folder
               within the following Server directories.

                         Data Subject       Location

                         EQA Employee       \\SERVER\Administration\Data Protection Act\Data Access
                                            Requests

                         EQA Client*        \\SERVER\Correspondence\Certificates X to Y\Cert N

                         EQA Assessor       \\Server\eqa qms\Assessors\ASSESSOR_NAME\

                         EQA Technical      \\Server\eqa qms\Advisory Board\ADVISOR_NAME
                         Advisor

                         EQA Governing      \\Server\eqa qms\Governing Board
                         Board

                         Other              \\SERVER\Administration\Data Protection Act\Data Access
                                            Requests

               * In terms of a data access request, an EQA Client is any past or present employer or employee of an
               organisation  listed  on  EQA’s  database  of  clients  (including  Active,  Suspended,  Withdrawn  or
               Prospects).






                                                                                             Page 70  of 85
   66   67   68   69   70   71   72   73   74   75   76