GDPR 5. Subject Access Request

GDPR 5. Subject Access Request

October 24, 2017

The ICO defines a SAR as a simply a written request made by or on behalf of an individual for the information which he or she is entitled to ask for under section 7 of the Data Protection Act 1998 (DPA). The request does not have to be in any particular form.

 

 Your procedures should include a provision for responding to Subject Access Requests taking into consideration the new rules:

 

  • You will not be able to charge in most cases for responding to a SAR

  • You will have a month instead of the previous 40 days

  • You can refuse or charge for requests that are excessive or unfounded

If you have a lot of SAR requests, you might struggle to comply with all of them within the deadline. You should consider whether it might be a good idea to dedicate some resources to develop a solution that allow individuals to self service, such as a portal online

 

GDPR comes into force on 25th May 2018

 

< 4. Individual Rights     5. Lawful basis for processing data >

 

 

Please reload

Recent Posts

Please reload

Archive

Please reload

Tags

Please reload

 

Address

Horsham, UK

Contact

Follow

+44 1403 801 001

©2017 BY CIO ON DEMAND UK.