In this edition of our data protection bulletin, we explore subject access requests, covering:
Ashfords utilises technology to streamline and automate subject access request searches and reviews. As a result, we are able to offer fixed fee pricing for a wide variety of subject access requests. If this is something you would be interested in, please contact Tom Llewellyn to discuss further.
As people become more aware of their rights, organisations are facing an increase in the number and complexity of subject access requests received. Often these are linked to a consumer dispute or an employment claim, but they can range from simple requests involving a small amount of data to complex requests involving tens of thousands of documents, third party data, and various exemptions.
The burden organisations face in responding to subject access requests can be significant, and it is an area of law that is continuing to develop with there being a number of recent case law developments which will affect how organisations should respond to any requests received. This webinar takes you through these developments and provides you with guidance on how to identify and manage subject access requests.
Subject access requests are becoming an increasing area of concern for many organisations, with errors in dealing with requests potentially leading to serious consequences. Click below to read our guide for some practical steps to minimise risks when dealing with SARs.
Read more
The personal data that a subject can request includes copies of CCTV footage that they feature in. All of the usual rules for responding to a SAR will apply but what additional considerations are there where a SAR includes a request for CCTV footage? Read our guide to find out.
Read more
In this article we explore the recent High Court case of Harrison v Cameron and ACL (Harrison v Cameron), which considers whether the identities of internal recipients of data must be disclosed in response to a subject access request (SAR). Click below to read the full article.
Read more
This year the ICO took action after receiving 150 complaints regarding the Labour party’s handling of SARs in the year from November 2021 to November 2022. ICO investigations found that the Labour party had received 352 SARs requiring a response, of which 78% were not responded to within the statutory timeframe and responses to 56% were significantly delayed by over one year. Click here for the news story.
The University Hospital of Southampton was issued with a reprimand by the ICO for a failure to respond to over 40% of subject access requests within the required time period, over a period of 11-months. Read the reprimand in full here.
Last year the ICO issued a reprimand to two councils, Plymouth City Council and Norfolk County Council, for a failure to adequately respond to SARs within the legal timeframe for response of one to three months. Read the full story here.
In 2023, the ICO published guidance to assist businesses and employers in responding to SARs and complying with the right of access. Organisations that fail to comply with SARs risk being subject to fines or reprimands.
Read the ICO's guidance here
