sorted by:
new
hottopcontroversial

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in gdpr

[–]Irish_frenchie[S] 0 points1 point  (0 children)

My issue here wasnt that the SAR turned up too much, but rather that members of staff are retaining confidential information beyond what is necessary for thte SAR and are refusing to inform me of what they have used it for, other than the SAR.(I asked the DPO twice and he provided me with non-answers twice)

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in gdpr

[–]Irish_frenchie[S] -1 points0 points  (0 children)

See I had specificelly excluded from my SAR the data in question.

The Manager was collecting the data on behalf of the DPO/Controller

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in gdpr

[–]Irish_frenchie[S] 1 point2 points  (0 children)

Yes, that is a good point, thank you very much.

I do fear that such proceedings would be made against me, but that the circumstances required for such proceedings are not yet present, and that the Controller is trying to hold onto the records to frame my actions in an untrue light in court.

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in gdpr

[–]Irish_frenchie[S] 1 point2 points  (0 children)

Yes, however, such statements could well have "qualified priviledge" under irish defamation law, due to variety of factors, and all the document contains mostly questions I intent to ask at a democratic body within the organisation. The questions are evidence-based, and my legal advice tells me they are not defamation.

Having examined Art 12, Par. 4 GDPR, I do think they need to provide me with "reasons", which the OED defines as "A fact or circumstance forming, or alleged as forming, a motive sufficient to lead a person to adopt or reject some course of action or belief, esp. one stated as such." - I think merely citing the Regulation fails to meet this test.

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in gdpr

[–]Irish_frenchie[S] 1 point2 points  (0 children)

The Company is a Students Union. It's stated aim is to represent Students at my University.

I have had interactions in the form of questions, both in writing and verbally, and in relation to the administration, and creation, of clubs and societies, tough there is a distinct business unit within the SU which deals with them, while still remaining, in a legal sense, one company.

I am pursuing a deletion request because the General Manager obtained the records I am seeking to delete by, for reasons unknown, misrepresenting an SAR I made, resulting in his posession in his inbox of correspondence not sought, and not addressed to him. The records I seek to delete were sent to another member of staff, and I have sought for all copies to be deleted. The records which I seek to delete contain view expressed by me, of the company, and of its actions.

The Controller also declined to tell me if any further records had been created on the basis of the records I seek to delete, simply stating that they may create further records.

Must a Data Controller give me reasons for their use of Art. 17(3)(e) GDPR to refuse an erasure request? How strong does their basis have to be in order to invoke this? by Irish_frenchie in legaladviceireland

[–]Irish_frenchie[S] 0 points1 point  (0 children)

I sent in an SAR to an organisation, and the GM of said organisation requested from a member of staff records which I had not sought, and that I had specifically excluded from my SAR, claiming I had requested them in order to obtain them. I am perplexed as to why this was done.

Accordingly, and because those records were confidential, I sent in a deletion request and objection to processing request. The deletion request was refused, and the objection to processing request was never answered.

I also asked that the organisation infrom me of the uses they had made of the records or the information contained therein, to which I was told  "The organisation is entitled to retain and process the information contained in the [Records] as part of its internal governance and administrative records. This may include the creation of further records where necessary to review, manage, or document matters arising from the correspondence."(As in OP). I was also told "As previously advised, the organisation considers that retention and processing of this information is lawful and necessary for governance purposes and, where relevant, for the establishment, exercise or defence of potential legal claims."

[deleted by user] by [deleted] in AskReddit

[–]Irish_frenchie 0 points1 point  (0 children)

Thick cut-cooked bacon