legislation – for sensitive personal information, those conditions are more stringent, as you would expect
2. Personal information shall be obtained only for one or more specific and lawful purposes
3. Personal information shall be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed
4. Personal information shall be accurate and where necessary kept up to date
5. Personal information should be kept only as long as it is needed
6. Personal information shall be processed in accordance with the rights of data subjects
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Personal information shall not be transferred to a country outside the EEA (European Economic Area), unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
WHAT RIGHTS DO INDIVIDUALS HAVE IN RELATION TO THE DPA?
The principal right that individuals have is the right of subject access – which is the right to request copies of all personal information that you hold about them. This information has to be provided within 40 days (30 from the 25 May 2018), unless a specific exemption applies to that information. As trustees, you should ensure that you have a process in place for dealing with such requests. Ideally, a named individual will deal with them when they are received, and you should have in place a mechanism to review any decisions made, which will usually involve a review by a trustee.
Individuals have other rights under the DPA – including the right to stop you doing anything with their personal information that is causing them damage or distress. New rights under GDPR include a right to have incorrect information amended, a right to have all information relating to an individual removed from the organisation, and a right to have copies of information in a format that is easily transferable. You should ensure that you are aware of these rights, and could deal with a situation should it arise.