Préstamos Enisa

Préstamos Enisa Las líneas Enisa se centran en emprendedores y empresas con proyectos innovadores, sea cual sea su sector. Sus condiciones son inmejorables: - No solicitan garantías. - Importe máximo de 1,5 millones de euros. - Muy flexibles, se pueden adaptar a toda clase de proyectos. Si quieres saber algo más, sigue el siguiente enlace y te llamamos. Haz clic aquí para que te llamemos. El equipo de Iberfinancia

Re: MACRAO F18 Agenda

HI Heather;

 

I don’t believe (my fault I think) that while approved, the MACRAO bylaws that now include a technology office one year position were officially updated on the web.  Here is the copy of the update that was approved.

 

charity

 

Charity Walters| Registrar and Director of Institutional Research | The University of Montana Western | 710 South Atlantic Street | Dillon, Montana 59725 |
Phone 406.683.7471

“Start by doing what is necessary; then do what’s possible; and suddenly you are doing the impossible.” St. Francis of Assisi

 

From: MACRAO Listserv <MACRAO@LISTSERV.GFCMSU.EDU> On Behalf Of Eggum, Heather A
Sent: Friday, September 28, 2018 11:22 AM
To: MACRAO@LISTSERV.GFCMSU.EDU
Subject: MACRAO F18 Agenda

 

Good morning!

 

I’ve attached the agenda (I don’t want say it’s “final” because I don’t want to jinx it) for the meeting next week.  It now includes location information, dinner information, and webex details for folks who’d like to use that service.  I’ve also attached a FVCC campus map.  Please let me know if you have any other questions and enjoy your weekend!  See you next week!

 

Heather A. Eggum

Associate Registrar

Montana State University Billings

Admissions & Records Office

1500 University Drive

Billings, MT 59101

406-657-1784 (P)

406-657-2302 (F)

heggum@msubillings.edu

 

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTk1IENoYXJpdHkuV2FsdGVyc0BVTVdFU1RFUk4uRURVIE1BQ1JBT5MaYppUoENP&c=SIGNOFF

MACRAO F18 Agenda

Good morning!

 

I’ve attached the agenda (I don’t want say it’s “final” because I don’t want to jinx it) for the meeting next week.  It now includes location information, dinner information, and webex details for folks who’d like to use that service.  I’ve also attached a FVCC campus map.  Please let me know if you have any other questions and enjoy your weekend!  See you next week!

 

Heather A. Eggum

Associate Registrar

Montana State University Billings

Admissions & Records Office

1500 University Drive

Billings, MT 59101

406-657-1784 (P)

406-657-2302 (F)

heggum@msubillings.edu

 

FEI: Fondos europeos

Línea FEI - Iniciativa Pymes con fondos europeos: FEDER, Horizonte 2020, FEI y BEI. Para Pymes y autónomos constituidos y que operen en España. Importe máximo: 12,5 millones por Pyme. Al tratarse de líneas con garantía del FEI cuentan con condiciones preferentes. Quiero saber más sobre FEI Somos tu oportunidad de acceder a fondos europeos. Contáctanos de 9 a 16 horas en el 981 90 49 49 o te contactamos nosotros Déjanos tus datos Sobre nosotros Somos un socio estratégico para tu empresa. Atendemos a empresas y autónomos de toda España. Servicios genéricos Plan económico Arbitraje financiero Factoring sin recurso Tramitación de avales RAI/ASNEF Otros servicios Subvenciones Marketing Fiscal laboral y contable Hacienda y S.S. Análisis de clientes

Estudio de viabilidad (para empresas)

Hola, Iberfinancia es la empresa española líder en intermediación financiera para pymes. Antes de empezar a trabajar con una empresa siempre hacemos un estudio de su situación y su proyecto para decidir como podemos ayudarle a conseguir sus objetivos. Queremos que todas las empresas posibles se beneficien de estos estudios de viabilidad (por escrito, gratuitos y sin compromiso), así que me he puesto en contacto contigo para ver si te interesa. ¿Quieres que te ayudemos a conseguir los objetivos que has marcado para tu empresa? Sigue el siguiente enlace y te llamaré en cuanto pueda. Haz clic aquí para que te llame. Espero que hablemos pronto. Un saludo, Alba

Webex for Upcoming MACRAO Meeting

Hi Everyone!

 

We want to make sure as many people as possible can attend our upcoming meeting, either in person or virtually.  I’ve arranged the following Webex meetings for those who will be unable to physically attend.  All you have to do is click “Join Webex Meeting” and plug in the access code when calling in.  Please let me know if you have any questions- I’m happy to help you figure out how to use Webex if you’re new to the tool.

 

Here is the webex meeting info for Thursday:

-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 925 986 822
Meeting password: 9aenfRBS 
 

Join by phone 
+1-855-797-9485 US Toll free 
+1-415-655-0002 US Toll 
Toll-free calling restrictions  
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

 

And here is the webex meeting info for Friday!

-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 925 127 098
Meeting password: SpcJYaEs 
 

Join by phone 
+1-855-797-9485 US Toll free 
+1-415-655-0002 US Toll 
Toll-free calling restrictions  
 
Can't join the meeting?
 
If you are a host, go here to view host information.

 

Go Cats!

 

Kandi Gresswell

Associate Registrar

Montana State University

101 Montana Hall

PO Box172660

406.994.2603

Pronouns: She/Her/Hers

 

Fall 2018 MACRAO Meeting

Hello!

In just two short weeks we will be meeting in Kalispell for our Fall 18 meeting!  If you haven’t already done so, please be sure to register (follow link below).  I’ve attached a draft agenda.  If you have any edits or suggestions please feel free to get those to Tony and me.  I believe that we have incorporated suggestions already received but let us know if you see something missing.  Thanks!

 

Heather A. Eggum

Associate Registrar

Montana State University Billings

Admissions & Records Office

1500 University Drive

Billings, MT 59101

406-657-1784 (P)

406-657-2302 (F)

heggum@msubillings.edu

 

From: MACRAO Listserv <MACRAO@LISTSERV.GFCMSU.EDU> On Behalf Of Eggum, Heather A
Sent: Friday, August 17, 2018 10:26 AM
To: MACRAO@LISTSERV.GFCMSU.EDU
Subject: FW: Fall 2018 MACRAO Meeting Email

 

Good morning MACRAO folks!

 

Below is a link with all of the details for the Fall 2018 meeting (October 4-5 in Kalispell) including registration, hotels, parking, and dinner!  Thank you so much to Amy at FVCC for pulling together all of the details!

 

http://www.macraomontana.org/macrao-conference.html         

 

Let me know if you have any questions and have a fantastic weekend!

 

Heather A. Eggum

Associate Registrar

Montana State University Billings

Admissions & Records Office

1500 University Drive

Billings, MT 59101

406-657-1784 (P)

406-657-2302 (F)

heggum@msubillings.edu

 

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTUzIGplbi5hbmRlcnNvbnJpY2htb25kQE1TTy5VTVQuRURVIE1BQ1JBT24ocq4NMOtX&c=SIGNOFF

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTUzIGhlYXRoZXIuZWdndW1ATVNVQklMTElOR1MuRURVIE1BQ1JBT%2B1d9o4Hfq5R&c=SIGNOFF

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTUzIENoYXJpdHkuV2FsdGVyc0BVTVdFU1RFUk4uRURVIE1BQ1JBT2hsLR3IZrM1&c=SIGNOFF

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTUzIGhlYXRoZXIuZWdndW1ATVNVQklMTElOR1MuRURVIE1BQ1JBT%2B1d9o4Hfq5R&c=SIGNOFF

Re: Residency issues for MACRAO conversation

Thanks, Tony.  I think these are ALL great discussion points that will be hugely beneficial to us at Montana Tech.

 

Leslie Dickerson

Montana Tech

Registrar/Director of Enrollment Services

(406) 496-4879

ldickerson@mtech.edu

 

From: MACRAO Listserv [mailto:MACRAO@LISTSERV.GFCMSU.EDU] On Behalf Of Campeau, Tony
Sent: Monday, September 10, 2018 1:49 PM
To: MACRAO@LISTSERV.GFCMSU.EDU
Subject: Residency issues for MACRAO conversation

 

Hello,

In addition to discussing the residency questionnaire and the possibility of some centralized resources (maybe a common residency page that all schools could link to as a residency guide) we are hoping to have a discussion on some specific sticking points.  Below is a list of issues we are going to offer as prompts for the discussion.  If you have other suggestions, please get them to me by the end of the week.

 

Thanks

 

Residency Issues

This document is to track complicated Residency petitions issues that we can ask Board of

Regents legal counsel before the next MACRO presentation.

1. The yearlong process requires a student to be financially independent (51%) from the parents. If the parent deposits money for the year of tuition one day before the year - long process begins...does that count for or against the student's financial independence. How much reporting documentation is collected to establish 51% (parent plus loans are the obvious check, but what about a car registered in another

state to the parent – how should that be addressed?)

2. If a student completed their tax returns but did not “sever all legal ties (didn’t get a driver’s license, voter registration, or vehicle registration) ” within the 6 month requirement of the state, can we award in-state residency based on the in-state taxes?
3. 6 credit limit doesn’t allow for some benefits of the University (military requires 7 for housing allowance, some courses are 4-credit). How stringent is the policy? Can students take 7 credits one semester and 5 the next?
4. Out of state parent claims student as a dependent but the student is residing with in-state parent while going to school and that parent is paying tuition?
5. Must a student register their vehicle if owned by parent?
6. Montana Taxes are identified as a means to “start the clock ticking” can we use the date claimed as “part year resident and the self-reported residency began field” as the start date?
7. How strict are we on guidelines. Do you have to get your drivers license within 6-months or just prior to filing for residency (assuming other documentation is in order)?
8. What about staying in the dorms. Is it reasonable to say that you didn’t come here for educational purposes if you are staying in the dorm?

 

 

Tony Campeau

Registrar

Montana State University

406.994.2604

 

RESPECT … INTEGRITY … STUDENT SUCCESS … EXCELLENCE

 

 

---

To unsubscribe from the MACRAO list, click the following link:
http://listserv.gfcmsu.edu/scripts/wa.exe?TICKET=NzM2OTc3IGxkaWNrZXJzb25ATVRFQ0guRURVIE1BQ1JBT5QDeDd%2B%2FHFW&c=SIGNOFF

Residency issues for MACRAO conversation

Hello,

In addition to discussing the residency questionnaire and the possibility of some centralized resources (maybe a common residency page that all schools could link to as a residency guide) we are hoping to have a discussion on some specific sticking points.  Below is a list of issues we are going to offer as prompts for the discussion.  If you have other suggestions, please get them to me by the end of the week.

 

Thanks

 

Residency Issues

This document is to track complicated Residency petitions issues that we can ask Board of

Regents legal counsel before the next MACRO presentation.

1. The yearlong process requires a student to be financially independent (51%) from the parents. If the parent deposits money for the year of tuition one day before the year - long process begins...does that count for or against the student's financial independence. How much reporting documentation is collected to establish 51% (parent plus loans are the obvious check, but what about a car registered in another

state to the parent – how should that be addressed?)

2. If a student completed their tax returns but did not “sever all legal ties (didn’t get a driver’s license, voter registration, or vehicle registration) ” within the 6 month requirement of the state, can we award in-state residency based on the in-state taxes?
3. 6 credit limit doesn’t allow for some benefits of the University (military requires 7 for housing allowance, some courses are 4-credit). How stringent is the policy? Can students take 7 credits one semester and 5 the next?
4. Out of state parent claims student as a dependent but the student is residing with in-state parent while going to school and that parent is paying tuition?
5. Must a student register their vehicle if owned by parent?
6. Montana Taxes are identified as a means to “start the clock ticking” can we use the date claimed as “part year resident and the self-reported residency began field” as the start date?
7. How strict are we on guidelines. Do you have to get your drivers license within 6-months or just prior to filing for residency (assuming other documentation is in order)?
8. What about staying in the dorms. Is it reasonable to say that you didn’t come here for educational purposes if you are staying in the dorm?

 

 

Tony Campeau

Registrar

Montana State University

406.994.2604

 

RESPECT … INTEGRITY … STUDENT SUCCESS … EXCELLENCE

 

GDPR Article 17

Hello my fellow MACAROONS.

Here is the link to AACRAOs posting on GDPR.  Below is a DRAFT, summary-interpretation of GDPR prepared by MSU's associate legal counsel.  Please keep in mind that this is a draft.  If people find errors or contradictory guidance please share them so we can develop our collective knowledge and processes together.  Blake (associate legal counsel) suggested that people who want a more in depth understanding explore the links he cites.

 

See you all in October.

 

Tony

 

 

Tony Campeau

Registrar

Montana State University

406.994.2604

 

RESPECT … INTEGRITY … STUDENT SUCCESS … EXCELLENCE

 

 

From: Christensen, Blake
Sent: Tuesday, September 04, 2018 5:44 PM
To: Peterson, Kellie <kellie.peterson@montana.edu>; Campeau, Tony <tcampeau@montana.edu>; van Almelo, Justin <justin.vanalmelo@montana.edu>
Cc: Taylor, Leslie C <lesliet@montana.edu>
Subject: RE: GDPR Article 17

 

Kellie, Tony, and Justin,

 

I've compiled a fairly understandable list of information from a couple different sources (below) that might help answer the question of what the university must do when it receives a request to be forgotten under GDPR.

 

Here is a quick summary of what I have found so far:

• The right to erasure is not absolute, and exceptions include 1) when there is a legal obligation to keep the data, and/or 2) for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Therefore, when a request is received, the university will likely need to first determine the nature of the request and what records it would involve.
    • i.e., a request by a prospective student to be removed from an admissions mailing list would be treated very differently than a request to delete all institutional records of a former student.
    • For reasons below, a request for erasure would likely have a larger impact on areas with marketing/outreach, such as admissions, the alumni foundation, athletics marketing, student success programs, etc than it would on the registrar's office.
• The university arguably has a legal obligation to maintain certain records (and does so in the public interest and in the exercise of its official authority) in accordance with the Montana University System Records Retention Schedule: https://mus.edu/che/directives/GerenalRecordRetentionSchedule.pdf
  • These records are not maintained based on "consent" and legitimate public interests override an individual's objection to maintaining them.
  • It might be this line of reasoning Tony was thinking of when he mentioned a possible permanent records exception in one of his previous emails.
• The university is permitted to request more information from a requester to confirm identity and applicability of GDPR.
• The university is permitted to keep details of requests received, so there could be some master list of request information.
• The university must reply to a request without "undue delay," and within 1 month of the receipt of the request.
• If the university rejects a request for erasure then it has to inform the person of the reasons for doing so and of the requestor's right to file a complaint with the Data Protection Authority and to seek a judicial remedy (likely in the EU, which would raise enforceability questions).
  • For example, if the university determines a broad request to erase all records of a former student would include records the university is required to maintain under the records retention schedule, then this would be the reason the university gives the requester for denying the request.
  • A response could potentially be bifurcated: the university could determine that some information is subject to erasure (like directory information on a mailing list) while other information is not (financial aid data or transcripts).

 

For more details, please see the questions and answers below, particularly the highlighted text. I am happy to discuss this further with you or help hunt down more information.

 

Blake

 

--

Blake Christensen

Associate Legal Counsel

211 Montana Hall

Montana State University

Office: 406-994-4570

 

 

Helpful notes:

 

From the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en

 

Question: Who does the data protection law apply to?

• The law applies to:

1. a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
2. a company  established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.

 

 

Question: How should requests from individuals be dealt with?

• Individuals may contact a public administration to exercise their rights under the GDPR (rights of access, rectification, erasure, restriction, objection, right not to be subject to automated decision-making).
• Note that individuals have a right to object to the processing of personal data by the public administration on grounds of public interest. They must provide the public administration with reasons relating to their particular situation. The public administration may continue processing the data, and thus deny their request, if it demonstrates compelling legitimate grounds for the processing that override the interests and rights of the individual, or if the data is required for the establishment, exercise or defence of legal claims.
• Individuals don't have a right to the transmission of data relating to them that is needed for the performance of a task carried out in the public interest or in the exercise of official authority vested in them.
• A public administration must reply to requests from individuals without undue delay, and in principle within 1 month of receipt of the request. It may ask for additional information in order for  to confirm the identity of the person making the request. If the request is rejected the individuals must be provided with the reasons for rejection and informed of their right to file a complaint with the DPA and to seek a judicial remedy.

 

 

Question: Do we always have to delete personal data if a person asks?

• The General Data Protection Regulation (GDPR) gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:  
  • the personal data your company/organisation  holds is needed to exercise the right of freedom of expression;
  • there is a legal obligation to keep that data;
  • for reasons of public interest (for example public health, scientific, statistical or historical research purposes).
• If your company/organisation processed data unlawfully it must delete it. In the case of an individual, data collected when they were still a minor must be deleted.
• With regard to the right to be forgotten online, organisations are expected to take reasonable steps (for example technical measures) to inform other websites that a particular individual has requested the erasure of their personal data.
• Data can also be kept if it has undergone an appropriate process of anonymisation.

 

 

Question: How should requests from individuals exercising their data protection rights be dealt with?

• Individuals may contact your company/organisation to exercise their rights under the GDPR (rights of access, rectification, erasure, portability, etc.). Where personal data is processed by electronic means, your company/organisation  should provide means for requests to be made electronically. Your company/organisation  must reply to their request without undue delay, and in principle within 1 month of the receipt of the request.
• It can ask them for additional information in order to confirm the identity of the person making the request.
• If your company/organisation  rejects the request then it has to inform the person of the reasons for doing so and of their right to file a complaint with the Data Protection Authority and to seek a judicial remedy.
• Dealing with requests of individuals should be carried out free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, you may charge a reasonable fee or refuse to act.

 

 

Question: What if somebody withdraws their consent?

• It should be as easy to withdraw as to give consent. If consent is withdrawn your company/organisation can no longer process the data. Once consent has been withdrawn, your company/organisation needs to ensure that the data is deleted unless it can be processed on another legal ground (for example storage requirements or as far as it is a necessity to fulfil the contract).
• If the data was being processed for several purposes your company/organisation can't use the personal data for the part of the processing for which consent has been withdrawn or for any of the purposes, depending on the nature of the withdrawal of consent.

 

 

Question: What if a public administration fails to comply with the data protection rules?

• The Data Protection Authorities have different tools at their disposal in cases of non-compliance. In the case of a likely infringement, a warning may be issued. In the case of an infringement, the possibilities include: a reprimand or a temporary or definitive ban on the processing. In some countries, public bodies may also be subject to administrative fines. A public administration should check the national data protection law in its country.
• Individuals can claim compensation where a public body is in breach of the GDPR and they have suffered material damages, for example financial loss, or non-material damages, for example reputational loss or psychological distress. The GDPR ensures that they will be provided with compensation, regardless of the number of organisations involved in the processing of their data. Compensation can be claimed directly from the public body or before the competent national courts of the EU Member State concerned.

 

 

 

From the UK Information Commissioner's Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

 

What is the right to erasure?

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances.

 

 

When does the right to erasure apply?

Individuals have the right to have their personal data erased if:

• the personal data is no longer necessary for the purpose which you originally collected or processed it for;
• you are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
• you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
• you are processing the personal data for direct marketing purposes and the individual objects to that processing;
• you have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
• you have to do it to comply with a legal obligation; or
• you have processed the personal data to offer information society services to a child.

 

 

When does the right to erasure not apply?

The right to erasure does not apply if processing is necessary for one of the following reasons:

• to exercise the right of freedom of expression and information;
• to comply with a legal obligation;
• for the performance of a task carried out in the public interest or in the exercise of official authority;
• for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
• for the establishment, exercise or defence of legal claims.

The GDPR also specifies two circumstances where the right to erasure will not apply to special category data:

• if the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
• if the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).

 

 

Can we refuse to comply with a request for other reasons?

You can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

If you consider that a request is manifestly unfounded or excessive you can:

• request a "reasonable fee" to deal with the request; or
• refuse to deal with the request.

In either case you will need to justify your decision.

You should base the reasonable fee on the administrative costs of complying with the request. If you decide to charge a fee you should contact the individual promptly and inform them. You do not need to comply with the request until you have received the fee.

 

 

What should we do if we refuse to comply with a request for erasure?

You must inform the individual without undue delay and within one month of receipt of the request.

You should inform the individual about:

• the reasons you are not taking action;
• their right to make a complaint to the ICO or another supervisory authority; and
• their ability to seek to enforce this right through a judicial remedy.

You should also provide this information if you request a reasonable fee or need additional information to identify the individual.

 

 

How do we recognise a request?

The GDPR does not specify how to make a valid request. Therefore, an individual can make a request for erasure verbally or in writing. It can also be made to any part of your organisation and does not have to be to a specific person or contact point.

A request does not have to include the phrase 'request for erasure' or Article 17 of the GDPR, as long as one of the conditions listed above apply.

This presents a challenge as any of your employees could receive a valid verbal request. However, you have a legal responsibility to identify that an individual has made a request to you and handle it accordingly. Therefore you may need to consider which of your staff who regularly interact with individuals may need specific training to identify a request.

Additionally, it is good practice to have a policy for recording details of the requests you receive, particularly those made by telephone or in person. You may wish to check with the requester that you have understood their request, as this can help avoid later disputes about how you have interpreted the request. We also recommend that you keep a log of verbal requests.

Can we charge a fee?

No, in most cases you cannot charge a fee to comply with a request for erasure.

However, as noted above, where the request is manifestly unfounded or excessive you may charge a "reasonable fee" for the administrative costs of complying with the request.

 

 

How long do we have to comply?

You must act upon the request without undue delay and at the latest within one month of receipt.

You should calculate the time limit from the day after you receive the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.

If this is not possible because the following month is shorter (and there is no corresponding calendar date), the date for response is the last day of the following month.

If the corresponding date falls on a weekend or a public holiday, you will have until the next working day to respond.

This means that the exact number of days you have to comply with a request varies, depending on the month in which the request is made.

For practical purposes, if a consistent number of days is required (eg for operational or system purposes), it may be helpful to adopt a 28-day period to ensure compliance is always within a calendar month.

 

 

Can we extend the time for a response?

You can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual. You must let the individual know without undue delay and within one month of receiving their request and explain why the extension is necessary.

However, it is the ICO's view that it is unlikely to be reasonable to extend the time limit if:

• it is manifestly unfounded or excessive;
• an exemption applies; or
• you are requesting proof of identity before considering the request.

 

 

Can we ask an individual for ID?

If you have doubts about the identity of the person making the request you can ask for more information. However, it is important that you only request information that is necessary to confirm who they are. The key to this is proportionality. You should take into account what data you hold, the nature of the data, and what you are using it for.

You must let the individual know without undue delay and within one month that you need more information from them to confirm their identity. You do not need to comply with the request until you have received the additional information.

 

 

What is the 'public task' basis?

Article 6(1)(e) gives you a lawful basis for processing where:

"processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller"

This can apply if you are either:

• carrying out a specific task in the public interest which is laid down by law; or
• exercising official authority (for example, a public body's tasks, functions, duties or powers) which is laid down by law.

If you can show you are exercising official authority, including use of discretionary powers, there is no additional public interest test. However, you must be able to demonstrate that the processing is 'necessary' for that purpose.

'Necessary' means that the processing must be a targeted and proportionate way of achieving your purpose. You do not have a lawful basis for processing if there is another reasonable and less intrusive way to achieve the same result.  

In this guide we use the term 'public task' to help describe and label this lawful basis. However, this is not a term used in the GDPR itself. Your focus should be on demonstrating either that you are carrying out a task in the public interest, or that you are exercising official authority.

 

 

What does 'laid down by law' mean?

Article 6(3) requires that the relevant task or authority must be laid down by domestic or EU law. This will most often be a statutory function. However, Recital 41 clarifies that this does not have to be an explicit statutory provision, as long as the application of the law is clear and foreseeable. This means that it includes clear common law tasks, functions or powers as well as those set out in statute or statutory guidance.

You do not need specific legal authority for the particular processing activity. The point is that your overall purpose must be to perform a public interest task or exercise official authority, and that overall task or authority has a sufficiently clear basis in law.

 

 

Who can rely on this basis?

Any organisation who is exercising official authority or carrying out a specific task in the public interest. The focus is on the nature of the function, not the nature of the organisation.

 

 

 

 

From: Peterson, Kellie
Sent: Monday, August 27, 2018 9:14 AM
To: Campeau, Tony <tcampeau@montana.edu>; van Almelo, Justin <justin.vanalmelo@montana.edu>
Cc: Christensen, Blake <blakechristensen@montana.edu>
Subject: RE: GDPR Article 17

 

According to this article, we have "one month" to tell them whether we have destroyed the data or if we have a reason to refuse.

 

I'm copying in Blake because I think he may have done some additional research on the topic.

 

Kellie