ICO publishes new guidance on subject access requests


Share

The Information Commissioner's Office (ICO) has published new guidance for organisations on how to deal with subject access requests.  

The guidance provides clarification on the circumstances in which a subject access request (SAR) may be deemed complex, enabling a period of one month from receipt of the SAR to effectively stop the clock while a data controller waits for the individual to clarify their request.

It confirms that, in determining whether a SAR is manifestly excessive the data controller has to consider whether it is clearly or obviously unreasonable.  All the circumstances of the SAR should be taken into account and used to determine whether the response required is proportionate when balanced with the burden or costs involved in dealing with the SAR.

The guidance also states that when the data controller charges a reasonable fee for excessive, unfounded or repeated SARs this fee can include the costs of staff time, copying, postage, and other expenses involved in transferring the data to the individual.

In addition to this guidance the ICO is developing other resources such as a guide for small businesses to aid the understanding of SARs.

Insight

HR Law – February 2023

Explore
Insight

Being a successful Employer of the Future: A Trowers Tuesday series

Explore
Insight

Webinar – Trowers Tuesday: Successful changes and restructures

Explore
Insight

Dismissal of employee on long-term sickness absence was not discrimination arising from disability

Explore
Insight

Strikes (Minimum Services) Bill introduced in the House of Commons 

Explore
Insight

Update on the Retained EU Law (Revocation and Reform) Bill

Explore