Skip to content

Brought to you by

Dentons logo

UK People Reward and Mobility Hub

The latest updates in employment, benefits, pensions and immigration

open menu close menu

UK People Reward and Mobility Hub

  • Home
  • Events
    • Past events
  • Who We Are
    • Meet the team
  • How we can help

The Information Commissioner’s Office consults on subject access guidance

By Verity Buckingham
January 9, 2020
  • GDPR
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Information Commissioner’s Office (ICO) has published draft guidance on handling data subject access requests under GDPR. You can find the guidance at https://ico.org.uk/media/about-the-ico/consultations/2616442/right-of-access-draft-consultation-20191204.pdf.

The guidance will replace that published in April 2018. It covers topics such as:

  • how to recognise a subject access request;
  • finding and retrieving the relevant information;
  • how to supply the information;
  • when a request can be refused;
  • claiming exemptions; and
  • dealing with information about third parties.

Key concerns for organisations

Unfortunately, we have not found that the guidance provides any particularly useful information when it comes to dealing with requests that you may consider excessive. We know our clients are concerned about the size of requests made. The guidance merely points out cases where an organisation should not consider a request excessive. It does not give any tangible assistance to organisations to enable them to push back on unreasonable requests.

However, the guidance does helpfully deal with the ability to extend the time to respond. An organisation can extend the response time to three months where a request is complex or one of many requests from the individual. It gives examples of factors that may, in some circumstances, add to the complexity of a request. For example, technical difficulties in retrieving the information, applying an exemption to large volumes of sensitive information, or applying redactions.

The guidance does not add much in the way of a steer around charging a fee. It confirms an organisation can charge a fee for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if further copies are required. The fee must be reasonable, and cannot include the time taken to deal with the request.

The consultation

The guidance will sit alongside the ICO’s guide which explains the general data protection regime and explains the data protection principles, rights and obligations. You can find the guide at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.

The consultation aims to gather the views of stakeholders and the public as to where further clarity is needed, based on experiences of dealing with subject access requests. The consultation is open until 17:00 on 12 February 2020. To feed into the consultation, please visit https://wh.snapsurveys.com/s.asp?k=157493897966.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
ICO, public consultation
Verity Buckingham

About Verity Buckingham

Verity is experienced in all aspects of employment law and corporate immigration matters. She deals mostly with corporate clients advising on contentious and non-contentious employment matters. Verity's contentious practice includes defending claims in the Employment Tribunal and experience of Employment Appeal Tribunal litigation in relation to claims of unfair dismissal, discrimination, equal pay and whistleblowing.

All posts Full bio

You might also like...

  • GDPR

Gender Pay Gap Reporting Response

On 17 January 2019 the House of Commons' Business, Energy and Industrial Strategy (BEIS) Committee published a Government response to its report on gender pay gap reporting.

By Michelle Lamb
  • Confidential Information
  • Data protection
  • Employee welfare
  • GDPR
  • Privacy

Surveillance of employees in the workplace and the Article 8 right to privacy

Advances in technology have made monitoring employees easier than ever before. With the increased use of email, smartphones, laptops, trackers […]

By Elizabeth Marshall
  • Confidential Information
  • Data protection
  • GDPR

It's getting personal: Potential GDPR breach for employees who check work emails on personal mobiles out of the office

Recent research has revealed that employees who check work emails on their personal phones could be in breach of the […]

By Laura Anthony

About Dentons

Dentons is the world’s largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com.

Dentons Largest Global Elite Law Firm

Twitter

Categories

Dentons logo

© 2021 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site