We are now offering Virtual Training to customers, if you are interested please visit the Virtual Training page and contact us email@example.com.
Spotlight on……Data Subject Access
Data protection law provides data subjects with the right of access to their personal data being processed by an organisation. This right is designed to help individuals understand how and why an organisation is using their personal data and to check that they are doing so lawfully.
To support this, individuals have a right to obtain the following information when making a subject access request:
The right of access only applies to the individuals own personal data, unless someone is making the request on behalf of someone else, for example a solicitor, family member, friend or other legal representative.
The right of access relates to personal data rather than business information. Guidance is provided by the ICO to assist organisations to comply with the law.
There are exemptions which allow you to withhold information from your disclosure under this right. These exemptions can be found at Schedule 2 of the Data Protection Act 2018. You should read the exemption carefully to ensure that it is applicable to the data you wish to withhold and is therefore engaged.
Any disclosure must be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If the requester submitted their request electronically you should make disclosure in the same way, ensuring adequate security is applied.
Subject Access can be a complex area of work. We provide a range of CPD accredited training on this topic, as well as a pay as you go service for preparing disclosures under the subject access provisions. Please contact us for more information.