You are:

Tryingglassesc

 

Data protection

Introduction 

We are a Data Controller (registered with the Information Commissioner’s Office, number Z5718812) and are responsible for determining the purpose of data that is collected and the means by which it is processed.

The DPA has two aims:

To protect the individuals’ fundamental rights and freedoms, notably privacy rights, in respect of personal data processing; and

To enable organisations to process personal information in the course of legitimate business

The DPA stipulates how we collect and process personal data in a lawful way, which is fair to the individuals the information is about (the data subjects) and meets their reasonable expectations. Processing includes virtually anything that can be done to information, including acquisition, storage and destruction.

We are committed to complying with the eight Data Protection Principles. These Principles (which are set out in Schedule 1 of the Act) require that personal information is handled as follows:

Principle 1 – It shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
Principle 2 – It shall be obtained only for one or more specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose or those purposes
Principle 3 – It shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
Principle 4 – It shall be accurate, and where relevant, kept up to date
Principle 5 – It shall not be kept longer than necessary for that purpose or those purposes
Principle 6 – It shall be processed in accordance with the rights of the data subjects under the Act
Principle 7 – Appropriate technical and organisational measures shall be taken against unauthorised loss or destruction of, or damage to personal data.
Principle 8 – It shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Your rights under the DPA

Individuals have the right, upon written request, to be informed:

  • Whether or not information about them is being processed by us
  • To be given a description of the information
  • The purpose of our processing and to whom it may be disclosed, and
  • To be provided with the information we hold in an intelligible form

Individuals may request:

  • That we stop processing their personal data if the processing would cause them or anyone else any unjustifiable damage or substantial distress.
  • That we stop using data for direct marketing purposes
  • Compensation if they have suffered damage and distress as a result of us failing to comply with the Act.
  • That the ICO investigate and assess whether we have breached the Act.

Subject Access Requests (SAR)

If you want to make a request to see your personal data this is called a subject access request and we are allowed to charge you a fee of up to £10 before providing the information to you.

There are a number of exemptions under the DPA which may mean we are unable to disclose some of the information you want. Some examples of these exemptions are:

  • Personal data about somebody else or information that would identify somebody else
  • Information that may prejudice the way we carry out our regulatory activities
  • Information that attracts legal professional privilege
  • Examination scripts
  • Crime and Taxation (if disclosure could prejudice matters such as the prevention or detection of crime)

If your personal data has other information amongst it that would not be appropriate to release to you (for example, other people’s information), we will blank out or “redact” this. This means that you might receive documents that have blanked-out sections.

If we are unable to give you your personal data we will tell you why it has been withheld unless the DPA also exempts us from having to confirm or deny its existence.

Please send your request in writing to us together with the £10 fee (cheque or postal order) describing the information you want. It would be helpful if you could clearly mark your mail “Subject Access Request”.

Requests should be sent to:

Compliance Team
General Optical Council
10 Old Bailey
London
EC4M 7NG
or by email to: foi@optical.org

We will deal with your request as quickly as possible, normally within the 40 calendar days limit set by the DPA. The 40 days will start after payment of the fee. You may also be asked to supply proof of your identity.

Acrobat Reader icon Information Governance Framework and Policies - Handbook
 

Content Panels

Search our registers

Search our registers

Find a registered individual practitioner or business.

Hearings

Hearings

Information about our upcoming fitness to practise hearings.

Our Council

Our Council

The General Optical Council is composed of 12 members

Working for us

Working for us

Healthcare regulation in the UK is currently undergoing reform and modernisation – so this is an exciting time to join us.