What information do members of the list include with responses to subject
access requests?
To accomodate the Section 7 (1b(ii)) requirements I include a copy of the
organisations notification with any subject access response.
Is this sufficient to identify to data subjects the purpose(s) for which the
data are processed?
If it is not, how do organisations with databases which are available to
many subsidiaries keep track of the purposes the subsidiaries may use the
data for, purposes which are within the scope of the notification?
Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|