The Information Commissioner’s Office is planning to update its guidance on how companies should deal with so-called "data subject access requests" (DSARs) and has launched a consultation on new draft guidance, just 18 months after the current version was first published.
The "right of access" is one of the key tenets of GDPR but also one of the most troublesome. A global study published this week by Talend revealed that three-fifths of firms still miss the one-month deadline for responding to DSARs.
The ICO recently warned the Brexit Party to speed up its processes after it was found to have requests still outstanding from May. However, so far the Metropolitan Police is the only organisation to have been issued with an enforcement notice for non-compliance, after it emerged that the force had a backlog of over 1,700 requests for copies of data.
The latest draft contains more detailed guidance which explains the rights that individuals have to access their personal data and the obligations on controllers.
The draft guidance also explores the special rules involving certain categories of personal data, how to deal with requests involving the personal data of others, and the exemptions that are most likely to apply in practice when handling a request.
It also includes sections on healthcare, education and social work data.
The views of stakeholders and the public will inform the published version of the guidance by helping the ICO to understand the areas where organisations are seeking further clarity, in particular taking into account their experiences in dealing with DSARs since May 2018.
ICO group manager for regulatory assurance (policy) Chris Hogan said: “The right of access is one of the most fundamental elements of the GDPR and it is important that controllers get it right.
“We are keen to provide detailed and informative guidance that explains this right. Before we publish this guidance in full, we want to hear from controllers and individuals to find out whether it works for them, and in particular whether there are issues that we have not addressed.”
The consultation closes on February 12, 2020.
Thank you for your input
Thank you for your feedback
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024