Only the data collection officer (DPO) has direct access to the personal data collected. The DPO shall provide access to other staff as necessary upon receipt of a formal letter, and third party individuals upon approval of the Executive Director. The DPO will also handle complaints and any requests for amendments or deletion of personal data via firstname.lastname@example.org.
Should there be any unlawful or unauthorized disclosure of personal data, a data breach response protocol is in place. Detailed documentation, including an annual report, will be submitted to the management and the National Privacy Commission (NPC).