ICO’s new guidance on responding to data subject access requests
On 24 May, the ICO published its updated guidance for businesses and employers on responding to data subject access requests (commonly referred to as ‘SARs’ or ‘DSARs’).
Based on the right of access outlined in the UK GDPR, data subjects have the right to request a copy of their personal information from organisations.
Over the last couple of years we’ve witnessed an increase in the number of DSARs submitted by current or former employees, with many of them being made as the employment relationship gets litigious.
The ICO said they have received over 15,000 complaints related to DSARs in the last 12 months. Although not all of them were employment-related, the ICO believes that some employers misunderstand the nature of DSARs and underestimate the importance of a proper response to them.
They have now, therefore, issued updated guidance that should assist businesses and employers to ‘not get caught out’.
The new guidance clarifies certain points, such as that there are no formal requirements when making a DSAR and that workers can submit one verbally or even via social media. It also comments on the position of DSARs made in the context of grievances or put forward during the without-prejudice negotiations. A helpful Q&A is also included.
If you have any questions, please get in touch. Our specialist GDPR and data protection solicitors will make the effort to get to know your business, using this knowledge to create workable solutions to any kind of data protection compliance challenge you may face. Whether you’re looking for a comprehensive solution, training or help with certain aspects of data protection law, please contact our dedicated team.Contact us
Willans Data Protection Services provides organisations operating on a multi-national basis with UK and Article 27 Representative solutions, Data Protection Officer services and GDPR training solutions.