Policy General Data Protection Regulation (GDPR) Procedure

General Data Protection Regulation (GDPR) Procedure


Print Friendly and PDFPrint Friendly

Intent

This procedure describes the specific administrative arrangements in relation to the European Union’s (EU) General Data Protection Regulation (GDPR) and should be read in conjunction with the Information Privacy Policy and Information Privacy Statement - Collection, Use and disclosure of personal information.

Scope

This procedure applies to the personal data of all natural persons within the European Union (EU) or European Economic Area (EEA) and have specific rights afforded under the GDPR.

Definitions

Except as otherwise specified below, the meaning of terms used in this procedure are as per the Information Privacy Policy. Other terms used in this procedure may also be found in the Policy Glossary

Procedure

  1. In addition to the protections under the Information Privacy Act 2009 (Qld) and the Information Privacy Principles, if you are a EU or EEA resident you have a number of additional rights under the GDPR including the right to request access to, a copy of, correction of, restriction in the use of, erasure of or transfer to another data controller in an accessible format of personal information in accordance with all applicable laws, and subject to the limitations outlined in the GDPR.
  2. For individuals outside the EU/EEA and for data that was not collected within the EU/EEA, the erasure of your information shall be subject to the retention periods of applicable State and Federal law.
  3. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of the University's use of the information prior to receipt of your request. Please note we may not be able to grant your request in all circumstances.
  4. JCU will assist data subjects that are EU/EEA residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).
  5. To exercise any of the above rights, complete the form at Appendix 1 and return it to the Privacy and Data Protection Officer at secretariat@jcu.edu.au

Related policy instruments

Information Privacy Policy

Information Privacy Statement - Collection, Use and disclosure of personal information

Schedules/Appendices

Appendix 1 – GDPR Form - Information Access, Amendment and Other Rights

Related documents and legislation

Information Privacy Act 2009 (Qld)

Right to Information Act (Qld) 2009

Privacy Act 1988 (Cth)

European Union’s General Data Protection Regulation

Administration

Approval Details

Procedure Sponsor

Vice Chancellor

Version no

19-1

Date for next major review

12/06/2022

Revision History

Version

Approval date

Implementation date

Details

Author

19-1

12/06/2019

25/07/2019

Procedure established to provide for EU GDPR obligations

Chief of Staff

Keywords

Information, privacy, personal information, data breach, GDPR

Contact person

Chief of Staff, Vanessa Cannon