Blog
Supporting You In Dealing With Trauma Why Trauma-Informed Lawyering is Crucial
Eurydice Cote
This blog should be used for information purposes only. The information provided in this blog is based on current legislation and recent developments and should not be relied on as an exhaustive explanation of the law or the issues involved without seeking legal advice.
A Data Subject Access Request, or DSAR, is any request made by an individual for their own personal data. While they are quick and easy for an individual to make, many long hours and significant resources from your organisation will be needed in order to properly respond.
Personal data is broadly defined as any information relating to an individual who can be identified from that information, or in combination with other information, that your organisation possesses. This means that the information does not have to refer to an individual by name, so long as they can be identified by other means, for example, their initials or ID number. Personal data includes information that may be known to the individual or that is within the public domain. Importantly, personal data also includes any recorded opinion of that individual.
Since the GDPR[1] came into force, there has been a growing understanding and awareness of our individual rights when it comes to our personal data. With that, the Information Commissioner’s Office (ICO) has seen a steady increase of data-related concerns and complaints from May 2018. The most frequently received category of complaints continues to be DSARs which make up approximately 46% of UK GDPR casework received by the ICO, and of the data protection complaints received by the ICO 462 related to the charitable and voluntary sector (https://ico.org.uk/media/about-the-ico/documents/2620166/hc-354-information-commissioners-ara-2020-21.pdf).
While DSAR complaints continue to increase in numbers and the deadline to respond remains fixed despite practical delays brought on by COVID-19, DSAR awareness and know-how will be crucial to your organisation now and in the future.
This DSAR guide is intended to provide a list of common pitfalls when dealing with DSARs and how to improve your organisation’s response before it becomes an issue.
DON’T
|
DO
|
DON’T
|
DO
|
DON’T
|
DO
|
DON’T
|
DO
|
Please see our related blog ‘How to respond to a subject access request: a step by step guide for organisations’. Should you have any queries relating to your organisation’s compliance with a subject access request, please contact a member of our data protection team.
([1]GDPR came into force in May 2018. Following Brexit has been replaced by UK GDPR, but there have been no material changes to the law in relation to DSARs as a result.)
We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.
Eurydice Cote
Richard Fox
Marcia Longdon
Skip to content Home About Us Insights Services Contact Accessibility
Share insightLinkedIn Twitter Facebook Email to a friend Print