Data Subject Request Policy

1.   The rights of data subjects include the following:

  • Right of access to personal data by means of a subject access request;

  • Right to rectification of inaccurate data;

  • Right to erasure, otherwise known as the right to be forgotten;

  • Right to object to processing;

  • Right to restriction on processing;

2.     In order to respond to requests in a timely manner Julie Jennings & Associates Ltd recognises the importance of centralised efficient information management systems. It is reviewing how it organises and stores emails and texts so as to enable easy and efficient retrieval.

3.     Julie Jennings & Associates Ltd stores data in relation to each client, whether it be an organisation or individual, on a hardcopy and/or electronic files dedicated to the client. The files contain the evidence Julie Jennings & Associates Ltd has been provided with, together with identity check documents, and invoices and receipts. Relevant emails, letters and faxes are also stored on these files. 

4.     Identification records and special category personal data, such as medical records, are kept in a separate sub folder, distinct from the main file, whether the data is in hard copy or kept electronically. Hard copy files are stored in locked cabinets with access restricted to a need to know basis. Identification records and special category data are encrypted on electronic files, with similarly restricted access.

5.     Records relating to employees / sub-contractors (as relevant) are kept in individual files, with any medical or health related information separated into a sub folder. Hard copy files are kept in locked cabinets with restricted access. Electronic files also have restricted access and any medical or health data is encrypted.

6.     Julie Jennings is responsible for responding to requests from data subjects and must do so within one month. The period may be extended by a further two months where that is necessary. In these circumstances the data subject must be informed within one month that more time is needed and given the reason why.

7.     Requests from data subjects need not be in writing. There is no standard wording and they may be made casually over the telephone. On receipt of a request, Julie Jennings will log it in the data protection risk register.

8.     Julie Jennings may seek to obtain the data subject's agreement to limiting the request to what is being sought. Otherwise, all the data subject's personal data is covered and, in response to a subject access request for example, must be provided.

9.     On receipt of a request, Julie Jennings conducts a search of the relevant files, email folders and inboxes as necessary. It is important to remember how broad the definitions of personal data and processing are, and reference should be made to the data protection policy.

10.  Where a request for a copy of personal data is made electronically, it should be provided electronically.

11.  Any request for personal data relating to a legal case should be referred to Julie Jennings & Associates Ltd instructing solicitors to deal with.

12.  If Julie Jennings & Associates Ltd does not wish to accede to a request, legal advice will be sought.