Data Protection /GDPR

Data Protection Statement

Data Protection is the safeguarding of the privacy rights of individuals (Data Subject) in relation to the processing of personal data.  Personal data means information relating to a living individual who is or can be identified from the data that is in possession of the public body.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation comes into force on the 25th May 2018, replacing the existing data protection framework. GDPR protects the privacy rights of individuals and places further requirements on organisations to safeguard the rights of individuals in relation to the processing of their personal data, and sets out obligations in relation to the obtaining, collecting, recording, keeping data, organising, storing, retrieving, disclosing, transmitting and retention of personal information.

Western Care Association has a responsibility to demonstrate compliance with the requirements of GDPR and to ensure that personal data is:
  • Processed in a lawful, fair and transparent manner
  • Processed in ways compatible with the purpose for which it was given to you initially 
  • Adequate, relevant and limited in terms of processing 
  • Kept accurate, complete and up to date 
  • Retained no longer than necessary for the specified purpose or purposes
  • Kept safe and secure
Being transparent and providing information to individuals about how you use their personal data is a key requirement of the EU General Data Protection Regulation (GDPR).

The primary principle of our Records Management practice is that the person /family has access to their information in the first instance by right.
 
Western Care Association supports the right of an individual and the family of a minor to see what information is held about him or her within the organisation. As a matter of policy and good practice and in line with legislation, all information about a person or family should be shared with them in the first instance unless there is a clear reason not to do so.   If it emerges that sensitive information or exempted information is contacted in the files, the person/ family will be advised and supported to apply through the Freedom of Information routine.

GDPR provides similar rights of access as the FOI Act, the main difference being that GDPR does not apply to records of deceased persons. As with the FOI Act, these rights extend to your own personal records and in specific circumstances, to those of your children. There are exemptions provided for in the Act, this means that there are specific circumstances when the requested information will not be released. If any of these exemptions are used to withhold information, the reasons will be clearly explained to you.

Data Subject Request

You can access your records by submitting a written Data Subject Access Request to the Data Protection Officer, Western Care Association, John Moore Road, Castlebar, enclosing proof of identity, such as a driving licence of passport.   Records will be subject to applicable exemptions. 
 

Entitlements under the GDPR:

  • A decision will, in normal circumstances, be issued within 30 days of receipt of your request
  • Details of your entitlement to complain to the Data Protection Commissioner will be included in the decision letter