FAQs

 

What is a ‘data subject’?

A Data subject is any individual person or entity which can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity.


What rights do data subjects have?

Each Data Protection Law lists its own data subject rights, but in general these are:

  • The right to know how and why your data is collected and processed.

  • The right of access to your personal data being collected.

  • The right to correct inaccurate personal data.

  • The right to deletion of your personal data.

  • The right to restrict the processing of your personal data.

  • The right of data portability.

  • The right to object to collection of your data (withdraw consent).

What’s the difference between “Personal Data” and “Sensitive Personal Data”?

Personal Data is information that can be used to identify a person. Sensitive Personal Data is data related to a person that, if misused, can result in discrimination or loss of rights. This category includes items like: race, religion, ethnic origin, sexual preference, political opinions, etc.

What are ‘data protection principles?

The general data protection principles in Data Protection law are that your data must be:

  • Processed fairly and lawfully

  • Accurate and up to date

  • Process for specified, explicit, and legitimate purposes

  • Adequate, relevant, and not excessive in relation to the process

  • Kept for a time either specified by law or for no longer than necessary for the purpose it is being processed

What’s the difference between a “processor” and a “controller”?

A data processor is simply the one who processes personal data. A data controller is the ‘collector’. They are the ones responsible for determining the legal basis for collecting the personal data that data processors use.

We’re a small company, does Data Protection law apply to us?

Yes. Data Protection law applies to any person or organisation that processes personal data unless it’s for a personal or household reason. Data Protection law applies no matter how you collect the data (electronically or on paper) and no matter the size of your organisation.