There are certain rights given to data subjects under DPA and the same has been incorporated under chapter 3 of the same act. In today’s article, we will discuss the rights of Data subject and they are-
- General duties of Controller to make the information available (s.44)
- Right of access by the data subject (s. 45)
- Right to the rectification of personal data
- Right to erasure of personal data
- Restriction on the processing of personal data
1) general duties of the controller to make the information available (s.44)
Chapter 3 of DPA explicitly speaks of the Rights of data subjects and under section general duties of the controller is mentioned which forms as a right of data subject to have the information available. This right has dual nature as it confers a duty upon the controller on one hand and forms as a right to the data subject on other hand. Section 44 mandates the controller to make available to data subjects the following information-
- the identity and the contact details of the controller
- the contact details of the data protection officer (where applicable)
- let the data subject know the purposes for which the controller process the personal data
- let the data subjects know the existence of their right to request from the controller
- let the data subjects know the existence of their right to lodge a complaint with the commissioner and the contact details of the commissioner.
In specific cases to enable the exercise of a data subject’s rights under part 3 and chapter 3 of DPA, give the data subject the following information-
- about the legal basis of the processing
- the retention period for which the data will be stored and also about the criteria to determine that period
- about the categories of recipients of the personal data including the recipient in third countries or international organisations (where applicable)
- about any further information necessary to enable the exercise of the rights of the data subject.
Please note that controller may restrict these rights, wholly or partly, having regard to the fundamental rights and legitimate interest of the data subject to avoid obstructing an official or legal inquiry, investigation or procedure; avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences of the execution of criminal penalties; protect public security; protect national security, protect the rights and freedom of others.
In case the rights of the data subjects are restricted (wholly or partly), the controller must inform the data subject without unreasonable delay stating the reasons for such restrictions.
Picture Credit- https://dataprivacymanager.net/