SUBJECT ACCESS REQUESTS
Did you know that 47% of all the complaints that the Information Commissioners Office received in 2018 related to subject access requests?
What is a subject access request? – very simply, an individual has the right to see the information being held about them. The organisation should provide access to or a copy of all the information that relates to the individual making the request. You also need to provide some additional information required by data protection legislation. Sounds easy doesn’t it? Experience tells us that organisations can make a complete mess of getting it right. This comes from not understanding how to verify someone’s identity, to providing too much or too little information and everything in between.
Subject access requests can be complex, but you want to get it right from the start.
An individual can make a subject access request by email, letter or verbally. It does not have to be confirmed in writing! Are your systems robust enough to identify verbal requests? Remember a person making the request will probably not ask for a subject access request. They could just say that they want to see all the information held about them, or even a small segment of the information held about them. One of my clients gets regular requests for a copy of a form that the customer completes as part of the sales process. That’s a limited request.
In order to support organisations to respond correctly we have a range of services. This covers an initial advice call to talk through how you will respond, all the way through to the complete service where we collate, redact and respond to the request.
Please contact us for more information.