A data controller is an organisation that has full authority to decide how and why personal data is to be “processed” (this includes using, storing and deleting the data). When the University of Edinburgh decides that it wishes to pass the personal data it holds to another organisation, the University is acting as a data controller as the University has the authority to take this decision.
What happens if one of people that the UNI holds there personal information says that he is not give the uni consent to share his personal information with the third party? OR is telling the UNI that if they are of the assumption that consent is given he is formal stating that consent is removed? Remember the UNI is the data controller.
Can UNI carry on as per normal and send off his infomation despite him removing consent?
"The law will never make men free, it is men that have to make the law free"
Henry David Thoreau (1817-1862)