You may have heard about the new legislation which is coming into effect in Europe this month which is entitled the General Data Protection Regulation (GDPR).
What is GDPR
Also known as General Data Protection Regulation, GDPR is a new European Framework which provides greater protection and rights to individuals on how their data can be used.
Introducing our new policy statement.
A new policy statement has been created as part of this update. In this statement we provide individuals with clear language to demonstrate our commitment to protect your rights and interests. For example, we will provide clarity on what data we have, who will have access to data and why we need it. We also provide detail on how we will use your data.
What data we have?
Who will have access to data?
Individuals who will have access to data include
Owners of websites and online courses developed and supported by PETAL.
Students participating in online learning activity hosted on a PETAL website.
Why we need this data?
It is important to note that PETAL will engage with certain service providers to perform certain services on its behalf which may involve the Processing of Personal Data, for example third parties that assist with distribution of PETAL resources such as learning activities and emails.
How we use your data?
To the extent that such processing is undertaken based on the instructions of Service users and gives rise to a Data Controller and Data Processor relationship, PETAL will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by Data Protection Commissioner.
We will obtain your Personal Data directly from you when you participate in online courses, when you sign up in person to a website activity for example to receive emails and through participant application forms.
As part of our record keeping obligations, PETAL retains a record of the individuals that we process data related activities on under its responsibility. This comprises the following description of the categories of data subjects detail:
Individual role – owner of website or subscriber of website
Where possible, the envisaged time limits for erasure of the different categories of data will be issued to the owners of websites and subscribers of websites.
Data Protection Law provides certain rights in favour of data subjects. The rights in question are as follows (the “Data Subject Rights”):
(a) The right of a data subject to receive detailed information on the processing of data by the Controller.
(b) The right of access to Personal Data.
(c) The right to rectify or erase Personal Data.
(d) The right to restrict processing;
(e) The right of data portability.
(f) The right of objection.
These Data Subject Rights will be exercisable by you subject to limitations as provided for under Data Protection Law. You may make a request to PETAL to exercise any of the Data Subject Rights by contacting PETAL
Your request will be dealt with in accordance with Data Protection Law.
Personal Data are held securely using a range of security measures including, as appropriate, using information technology measures such as encryption, and restricted access through approvals and passwords.
PETAL will notify the Data Protection Commission and affected data subjects in the case of certain types of personal data security breaches. Any Data Breaches identified in respect of Personal Data controlled by PETAL will be dealt with in accordance with Data Protection Law and PETAL procedure for data breach.
We will keep Personal Data only for as long as the retention of such Personal Data is deemed necessary for the purposes for which that Personal Data are Processed.