Bulletin 6: Handling Requests From Individuals Under GDPR

IEEE Technical Activities Bulletin #6

Topic: Handling Requests From Individuals Under GDPR

Type: Action

Audience: Individuals responsible for processing personal data

Version 2 - July 2021

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What can individuals request under GDPR and other data privacy regulations?

While each regulation is different, generally, under the European Union General Data Privacy Regulation (GDPR) and other data privacy regulations, individuals may make requests regarding their data held by IEEE. Examples of those requests may include: 

  1. Copy of Personal Data: Upon request, an individual is allowed to receive a copy of all personal data that IEEE maintains on them. This information must be provided in a structured, commonly used, machine-readable, and interoperable format.

  2. Right to be Forgotten: Upon request, individuals have the right to have their personal data erased and no longer processed by IEEE except in cases where there is a legal reason to retain the data. In addition, individuals will be removed from IEEE mailing lists.

  3. Data Portability: The right for an individual to receive their personal data, which they have previously provided in a 'commonly used and machine readable format' and the ability to transmit that data to another.

How does someone make these requests?

Individuals may go to the Data Subject Request form or send an email to privacy@ieee.org describing the right they wish to invoke with ‘Data Subject Request’ in the subject line.

How will I know if a request has been made that affects my Society/Technical Council/Technical Community?

Technical Activities (TA) has set up a process for requests made by individuals either to receive a copy of their personal data or to have their data be erased by IEEE systems.

When IEEE receives a request, the IEEE Data Privacy Officer (DPO) will send the request to the TA Data Privacy specialist, who will email the request and a form to all of the designated contacts for each individual Society, Technical Council, and Technical Community (S/TC/TC), as well as any other TA Staff organizations that hold personal data.

Each individual organization will query their systems to determine if the individual is in any of their databases and respond accordingly to the form provided in the email. Organizations should provide a response within 48 hours. The response process will be clearly defined in the email that goes out to all organizations.

If you are the contact person for your Society/Council or Technical Council, please follow the instructions in the email notification.

MGA manages all membership records (IEEE and Society/Council) as well as other common internal repositories including vTools, SCLE, Google Groups and all listServ lists (including the lists for computer.org and comsoc.org). As such, those data sources are covered. Therefore, you do not need to review those lists.

If all of your customer information is contained only in those locations your responsibilities are complete and you can respond accordingly to the request.

If you hold information in other systems, or it is being maintained by a third-party partner, you will need to review and act accordingly per the instructions provided in the Data Subject Request email.

Who is my S/TC/TC’s GDPR-identified representative?

  • Staffed Organizations: Societies, Technical Councils, and Technical Communities with IEEE staff have identified a single staff person to process the request.

  • Non-Staffed Organizations: For Societies or Technical Councils that use third-party management partners, we have agreements for them to do this work. For other S/TCs, the contact will be the President of the Society or Technical Council or their designated volunteer contact person. These contacts are updated annually and verified with the S/TC staff and Presidents.

How can I learn more?

The latest information on GDPR and other data privacy regulations can be found on the Technical Activities Data Privacy Resource Page or the IEEE Data Privacy page.

Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.

If you have questions or need assistance, please contact TA Answer Central.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[Download PDF]