GDPR Subject Access Requests

I have received a subject access request asking for “all” personal data from a current employee. How do I deal with this?

Under the Data Protection Act 2018, individuals can make a Subject Access Request (SAR) to their employer to access their personal data. Employers should have an accessible policy to deal with such requests.

Usually, the designated Data Protection Officer or Compliance Officer is the person that will respond to the request. Once you receive the SAR, you will have a month to respond. Normally SARs do not incur a cost, however, if the request is repetitive, excessive or manifestly unfounded the employer may request a reasonable fee.

The data subject should be informed:

  1. Whether or not their data is processed and the reasons for the processing of their data;
  2. The categories of personal data concerning them;
  3. Where their data has been collected from if it was not collected from them;
  4. Anyone who their personal data has been disclosed to or will be disclosed to, including anyone outside of the EEA and the safeguards utilised to ensure data security;
  5. How long their data is kept for (or how that period is decided);
  6. Their rights in relation to data rectification, erasure, restriction of and objection to processing;
  7. Their right to complain to the Office of the Data Protection Commissioner if they are of the opinion that their rights have been infringed;
  8. The reasoning behind any automated decisions taken about them.

An employer may refuse to deal with a request, or part of it, because of the types of information requested. For example, information that is subject to legal privilege or relates to management planning is not required to be disclosed.

Where this is the case, the data subject should be informed that their request cannot be complied with and an explanation of the reason will need to be provided.

If you have any questions in relation to subject access requests, please contact the advice line on 01 886 0350

Book a call with a consultant

Complete the form below and a consultant will call you as soon as possible.

Book a call with a consultant

Complete the form below and a consultant will call you as soon as possible.

Latest Resources

New whistleblowing rules in force from January 2023

The Minister for Public Expenditure and Reform, Michael McGrath, recently confirmed that the Protected Disclosures (Amendment) Act 2022 will come into force on 1 January […]

Fair distribution of tips to be mandatory from December 1st

The Government passed the Payment of Wages (Amendment) (Tips and Gratuities) Act 2022 earlier this year in July. This week, the Tánaiste confirmed that this new law […]

The new broom sweeps clean: Musk’s redundancies will need to comply with Irish employment law

Elon Musk hasn’t wasted making changes at Twitter, with him making approximately half of the company’s global workforce redundant. While labour laws in the US […]