General Data Protection Regulations

Onchan District Commissioners must comply with the principles relating to processing personal data, irrespective of whether an entry in the register of controllers and processors is required or not.

 The principles can be found in Article 5 of the Applied GDPR and are:

 Lawfulness, fairness and transparency
 Purpose limitation
 Data minimisation
 Accuracy
 Storage limitation
 Integrity and confidentiality 

There is an overarching principle of accountability, and controllers must be able to demonstrate how they comply with the principles.

Further guidance on the data protection principles is on the Information Commissioners' website.

The Authority's General Data Protection Policies and Procedures can be found below: 

Data Protection Policy

Data Subject Access Request ("DSAR") Policy

Data Subject Rights Policy

Compliance with the rights of individuals

Individuals have many rights under the data protection legislation; one of the most commonly exercised, the right of access to personal data, is explained briefly below.

This right can be exercised at any time by an individual. A written request, a “subject access request”, can be made and could extend to any records, correspondence, emails or CCTV images, about that

individual.  Controllers are required to provide that individual with a copy of their personal data in within a strict timeframe.

Comprehensive guidance on dealing with a “subject access request”, and on the other rights, is on the website.

Information taken from the Isle of Man's Information Commissioners' Website