Data protection: compliance with subject access requests


Share

The ICO has amended its General Data Protection Regulation: Right of access guidance on the timescale for compliance with a data subject access request (DSAR) when the data controller requests clarification from the data subject.

The start of the one-month period for compliance will no longer be paused until the controller receives the requested information.  Similarly, the extended timescale of up to two further months for responding to complex or multiple DSARs is no longer paused.  The new timescale will start to run from the date of receipt of the DSAR or, if later, upon receipt of proof of identification.

This is an important change from the guidance published in 2018 and is a divergence from the Subject Access Code of Practice made under the Data Protection Act 1998, which paused the time period until the controller received the information sought from the individual.

News

Trowers comments: ESG for HR

Explore
Insight

Doctor who refused to use transgender service users' pronouns was not discriminated against

Explore
Insight

A round-up of other gender critical belief decisions

Explore
Insight

Holiday for part-year workers should not be reduced pro rata

Explore
Insight

Injunction restraining termination and re-engagement of Tesco employees overturned by Court of Appeal

Explore
Insight

PHI and contractual liability

Explore