The General Data Protection Regulation (GDPR) gives everyone these rights about their own personal information:

• To have a copy of it (Subject Access Request)
• To object to processing (right to object)
• To have errors corrected (right to rectification)
• Right to be forgotten (erasure)
• Right to restrict processing
• Right to portability
• Rights about automatic processing and profiling

Spotting data subject rights

• Requests can be in letters/emails/ phone calls.
• Requester doesn’t have to mention the DS right name or GDPR for it to be a request.
• If anyone asks for a copy of their information, or says our data about them is wrong, or wants us to delete it or stop processing (doing things) with information about them, then it is a Data Subject Rights request.

Important points

• The rights aren’t absolute: there are conditions and exemptions. Some rights can only be used in certain circumstances. So don’t make any promises about what we will do! Tell requester you will forward it on and give them the email address (see last slide).
• The ICO can take enforcement action against us if we don’t respond to a request within a month.
• The requester can take action against us if we don’t respond to a request within a month.
• A request is received by Camden even if the DP team aren’t given it, so forward it on straight away.

What to do with data subject requests

• Requests for copies of information we hold- a Subject Access Request: send to [email protected]
• All other requests send to: [email protected]
• If you’re not sure or want advice: [email protected]

More information is on our website