GDPR - Individual rights and Sage Personal Tax
Under the General Data Protection Regulation (GDPR) individuals have increased rights over the personal data you hold on them. This includes the right to know why you’re holding their data and what you’re using it for, as well as the right to request data is deleted or rectified.
Sage Personal Tax is mainly designed to hold the data you need to carry out your duties. However, if you are using it to process personal data, you need to make sure you’re aware of an individual’s rights. You can find out more detail about each right from the ICO website.
Right to be informed
You must tell people what you’re doing with their personal data, this includes any personal data you hold in Sage Personal Tax. Your company would normally need a privacy statement or notice to cover this. You can find out more about what type of information you need to inform individuals about from the ICO website.
Right of access
Individuals have a right to access their personal data, so they are aware of what data you hold and what you’re holding it for. They have a right to:
- Confirmation that you’re processing their data.
- Access their personal data.
- Access other supplementary information.
If an individual sends you a subject access request, you must send them the relevant information. Read more
Right to rectification
You must make sure that the personal data you hold for individuals is accurate and kept up to date. If an individual asks you to correct their data, you must update this in your software. You must respond to the individual within one month, or two months if the request is complex.
Right to erasure (right to be forgotten)
Unless there’s another legal reason for keeping personal data, you must delete or remove the data at the request of the individual. In Sage Personal Tax, you can overwrite the information in the relevant records to anonymise it, for example, change the client name to XXX.
You can remove clients from your client list if there are no active service subscriptions associated with them. Learn how to remove your access to a client’s data.
You can find out more about when this right applies and other conditions from the ICO website.
Right to restrict processing
Individuals have a right to block or suppress processing of their personal data. If they request this, you can still store their personal data, but you can’t process it further. You can keep just enough information about them to make sure the restriction is respected in future. Read more
If necessary, you can amend information within a record to anonymise or remove the non-relevant information.
Right to data portability
If an individual has provided their personal data to you on the basis of consent or contract, they have a right to request that the personal data is returned to them in a machine-readable format, for example, an Excel or CSV file, rather than a Word or PDF document. Read more
Right to object
Individuals have a right to object to you processing their personal data. This is mainly aimed at using their data for direct marketing, including profiling, however there are other legitimate reasons for objecting. Read more
Right not to be subject to automated decision making, including profiling
Individuals have a right to object to being subject to a decision based solely on automated processing, including profiling. If you use an automated decision-making system, it should allow for a human intervention. Read more
Sage Legal Disclaimer
The information contained in this guide is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own legal advice if they are unsure about the implications of the GDPR on their businesses.
While we have made every effort to ensure that the information provided on this website is correct and up to date, Sage makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. Sage will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.