Data protection: compliance with subject access requests


Share

The ICO has amended its General Data Protection Regulation: Right of access guidance on the timescale for compliance with a data subject access request (DSAR) when the data controller requests clarification from the data subject.

The start of the one-month period for compliance will no longer be paused until the controller receives the requested information.  Similarly, the extended timescale of up to two further months for responding to complex or multiple DSARs is no longer paused.  The new timescale will start to run from the date of receipt of the DSAR or, if later, upon receipt of proof of identification.

This is an important change from the guidance published in 2018 and is a divergence from the Subject Access Code of Practice made under the Data Protection Act 1998, which paused the time period until the controller received the information sought from the individual.

Insight

HR Law – February 2023

Explore
Insight

Being a successful Employer of the Future: A Trowers Tuesday series

Explore
Insight

Webinar – Trowers Tuesday: Successful changes and restructures

Explore
Insight

Dismissal of employee on long-term sickness absence was not discrimination arising from disability

Explore
Insight

Strikes (Minimum Services) Bill introduced in the House of Commons 

Explore
Insight

Update on the Retained EU Law (Revocation and Reform) Bill

Explore