Dealing With Subject Access Requests

The Data Protection Act 1998 gives individuals the right to access information held about them by organisations. The Act governs how organisations can use the personal information they hold – including how they acquire, store, share or dispose of it.

The Information Commissioner’s Office has published guidance on how to deal with requests (called ‘subject access requests’) from individuals for information held about them.

The advice distinguishes between requests that can be treated as part of normal business practice and those that should be dealt with formally under the Act.

If the request can be treated as a routine enquiry, rather than a formal subject access request, it often makes sense to do so. The guidance includes examples of the sort of requests for information that should be handled in this way.

View the eight data protection principles.

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.
Print pagePrintable Version

Latest News

Time Off Work for Jury Service Time Off Work for Jury Service
Contract Clinches Fee for Ex-Advisers Contract Clinches Fee for Ex-Advisers
Failure to Enforce Right Leads to its Loss Failure to Enforce Right Leads to its Loss
Voucher Warning for Firms Voucher Warning for Firms
Assessment of Repetitive Tasks Tool Assessment of Repetitive Tasks Tool
ET1 Claim Forms and Illegibility ET1 Claim Forms and Illegibility
It's Good to Talk It's Good to Talk
Businessmen Denied Profit for 'Borrowed' Business Plan Businessmen Denied Profit for 'Borrowed' Business Plan
Fines for Breaches of Environmental Law Fines for Breaches of Environmental Law
Employer Not Liable for Remark Made by Agency Worker Employer Not Liable for Remark Made by Agency Worker