Do you know how to manage a Data Subject Access Request?

The Data Protection Act 2018, incorporating the UK General Date Protectio Regulations UK GDPR, has brought individual data rights into focus. Data Subject Access Requests (DSARs) are now commonly made by disaffected employees, or those facing disciplinary action. They can be time-consuming and disruptive to deal with and it is therefore important for businesses to be aware of their existence and how to deal with them.

There is no set form for a subject access request. Any oral or written request from an employee or customer to enable them to see what personal data an organisation holds is likely to be a DSAR. If the business does not have a Data Protection Officer (DPO) then a dedicated manager should be given the authority and responsibility to deal with DSAR responses. A full reply should be given within one month unless the request is complex, so any delay in the process risks becoming a breach.

A DSAR can either be general (a request for all personal data) or specific, for example data relating to particular processes or discussions which led to disciplinary action being taken. Personal data is widely defined so it is important to capture everything of relevance and then conduct a manual review of the data which is held.

‘Data’ is not necessarily the same as ‘documents’. There is no obligation to disclose documents, although that may be the simplest way to provide the data. If documents contain the personal data of more than one individual, care needs to be taken to seek the consent of other involved parties to the disclosure, or to redact data that does not relate to the requester. Disclosing someone else’s data without a valid reason will be a data breach in itself.

Generally speaking an employer or business cannot refuse to provide the requested data and it is important not to simply ignore such requests.

DSARs are clearly on the increase, and employees are regularly using them during disciplinary and settlement discussions so it is important to seek appropriate advice if you are faced with one.  121 HR Solutions can provide support in these situations on

Privacy Policy



Powered by The Logic of Eight - Creative Media