GDPR Subject Access Requests
I have received a subject access request asking for “all” personal data from a current employee. How do I deal with this?
Under the Data Protection Act 2018, individuals can make a Subject Access Request (SAR) to their employer to access their personal data. Employers should have an accessible policy to deal with such requests.
Usually, the designated Data Protection Officer or Compliance Officer is the person that will respond to the request. Once you receive the SAR, you will have a month to respond. Normally SARs do not incur a cost, however, if the request is repetitive, excessive or manifestly unfounded the employer may request a reasonable fee.
The data subject should be informed:
- Whether or not their data is processed and the reasons for the processing of their data;
- The categories of personal data concerning them;
- Where their data has been collected from if it was not collected from them;
- Anyone who their personal data has been disclosed to or will be disclosed to, including anyone outside of the EEA and the safeguards utilised to ensure data security;
- How long their data is kept for (or how that period is decided);
- Their rights in relation to data rectification, erasure, restriction of and objection to processing;
- Their right to complain to the Office of the Data Protection Commissioner if they are of the opinion that their rights have been infringed;
- The reasoning behind any automated decisions taken about them.
An employer may refuse to deal with a request, or part of it, because of the types of information requested. For example, information which is subject to legal privilege or relates to management planning is not required to be disclosed.
Where this is the case, the data subject should be informed that their request cannot be complied with and an explanation of the reason will need to be provided.
If you have any questions in relation to subject access requests, please contact the advice line on 1890 252 923Back to the blog
- @GraphiteHRM21 Jan
#Dublin and #Galway, we have been working hard to develop workshops around some of the key issues facing businesses… t.co/1awcb9VsHUView Summary
- @GraphiteHRM21 Jan
People cope with their problems in different ways, but we all face times in our lives where things can get on top o… t.co/JOkTEvWIQZView Summary
- @GraphiteHRM20 Jan
The Labour Court recently upheld a Workplace Relations Commission decision to award an employee €4,000 despite the… t.co/DCBcpGUjCDView Summary
- @GraphiteHRM19 Jan
We know that running a business isn't always smooth sailing. ✔️ Our #HR experts are here to help you with any ques… t.co/G6xZyt2uGSView Summary
- Go to Twitter