The Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR) provide you with a number of rights in relation to the processing of your personal data, including the right of access to a copy of the personal data the CAA holds about you, known as a Subject Access Request.
Under the GDPR, individuals' rights are enhanced and extended in a number of important areas:
You can submit a request for information, or exercise any of your individual rights here. Alternatively, if you wish to submit an information enquiry or make a complaint about how we have processed your personal information, you can email us at FOI.firstname.lastname@example.org.
If your request relates to personal data about you, to satisfy ourselves that we are dealing with the correct person you will need to make sure that you submit a copy of your passport or driving licence as proof of identity.
Under the current DPA law we must respond to a Subject Access Request no later than 40 calendar days following the date of receipt of all the information necessary to deal with the request. Under the GDPR, we must respond within a month.
There are exemptions to the right of access to your personal information, such as when the material also includes a third party's personal information.
The CAA's DPO is:Caroline ChalkHead of External Information Services
To contact our DPO, please email FOI.email@example.com. This will ensure that in her absence your enquiry can be dealt with in the most efficient way.
If you are not satisfied with how the CAA has handled your personal data, please let us know and we will try and resolve the problem. However, you have a right to complain directly to the ICO.
This is in the process of being updated in line with the forthcoming GDPR, but can be viewed at http://www.caa.co.uk/Our-work/About-us/General-privacy-notice/.
CAA information security policy and procedures provide appropriate technical and organisational measures, that safeguard against the unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data (the Seventh Data Principle). In particular, these policies cover:-
On occasions when third party organisations process personal or sensitive personal data on behalf of the CAA appropriate contractual arrangements will be made.
A request for access to personal data by the data subject is a 'Subject Access request' under the terms of the Data Protection Act. Access to personal information about another person (third party data) can be exempt from disclosure, if necessary we will contact the data subject, and discuss the request and determine if it can be lawfully met.
We are currently looking for a Business Change Analyst based in our Gatwick Office. Full details here https://t.co/VfmPCbgS9J
RT @EASA: #airspaceinfringement Check out the EU-wide campaign on avoiding airspace infringement https://t.co/S0r6nXlLCM
7 days ago
Planning your next holiday abroad? Find out why you can't afford to ignore ATOL protection https://t.co/E6ONaaBorx… https://t.co/MvHzZMh0d5
7 days ago
Read all @UK_CAA
Aviation volcanic ash breakthrough wins safety award
7 February, 2018
New Chair of CAA Consumer Panel appointed
20 December, 2017
Civil Aviation Authority appoints Richard Moriarty as new Chief Executive
30 November, 2017
Read all News
Planning your next holiday abroad?
10 April, 2018
International women in engineering day
22 June, 2017
How we're changing the CAA
15 April, 2016
Read All Blogs