If your organisation ignores subject access requests it does so at its peril. Recent case law has illustrated the importance the Information Commissioner’s Office (ICO) places on subject access requests. If your organisation has not complied and/or does not comply with such a request, the ICO may take action.
Under UK data protection legislation all individuals have certain rights if their personal data is processed in the UK. This includes the right to make subject access requests of an organisation. These requests can seek a variety of outcomes but are often requests that the organisation disclose to the individual the personal data which it holds on the individual. If an organisation ignores a subject access request or does not provide all the personal data held, the individual can complain to the ICO. The ICO can then issue an enforcement notice requiring the organisation to take certain action in the event of a breach of the law. Failure to comply is a criminal offence.
What else must your organisation know about subject access requests? To ensure that it complies with the rules on subject access requests, your personnel should be aware of the following:
- Subject access requests may be made verbally and do not require to be in writing to be valid. It is, therefore, good practice to record requests received, especially those that are not in writing.
- Requests must be responded to within one calendar month of receipt.
- Requests need not actually use the phrase “subject access request.”
- An organisation cannot charge a fee unless the request is manifestly unfounded or excessive.
- In addition to potential ICO enforcement action, individuals have the right to seek compensation from an organisation for a failure to comply with the rules.
Given the potential consequences of non-compliance, your organisation should have a Subject Access Request Policy and ensure that all personnel are aware of the rules and the timescales involved. In addition, they should know to whom requests should be passed in your organisation.
Please note that this blog is intended as a short summary of the rules on subject access requests. No responsibility can be accepted for any action taken in reliance on this blog and specialist advice should be taken in every case. If you would like further information, please contact Malcolm Homes on 01383 721621 or mbh@businesslaw.co.uk