The General Data Protection Regulation (GDPR) is essentially a new Data Protection framework that applies across the EU from 25 May 2018.
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
Under the General Data Protection Regulation (EU) 2016/679, the Mater Misericordiae University Hospital is a “Controller” in respect to personal data that you provide to us. For information on GDPR, you can visit the Data Protection Commissioner website here.
GDPR is based on the core principles of data protection. These principles require organisations and businesses to:
• collect no more data than is necessary from an individual for the purpose for which it will be used
• obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
• retain the data for no longer than is necessary for that specified purpose
• keep data safe and secure
• provide an individual with a copy of his or her personal data if they request it
Under the GDPR, individuals have significantly strengthened rights to:
• obtain details about how their data is processed by an organisation or business
• obtain copies of personal data that an organisation holds on them
• have incorrect or incomplete data corrected
• have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
• obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
• object to the processing of their data by an organisation in certain circumstances
• not be subject (with some exceptions) to automated decision making, including profiling
The term ‘personal data’ means any information relating to an identifiable person (called a data subject) who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a range of personal identifiers, which can include name(s), identification number(s), location data or an online identifier (e.g. IP address).
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure/right to be forgotten
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
The Data Protection Commissioner has a useful Guide to the Rights of Individuals under the General Data Protection Regulation (GDPR) available here
Yes, you can see your information on request. Just contact us by email at firstname.lastname@example.org. Alternatively, you can fill out our Subject Access Request Form. We will need to confirm your identity before we release the information.
If you are unhappy with our response to your request, you can contact the Data Protection Commission:
Data Protection Commission
Tel: 1890 252 231