Data Subject Access Requests
-
Please see our summary GDPR card here
-
The Data Protection Act 1998 (the “DPA”) provided individuals with a right to access the personal data held about them by organisations and businesses, including their employer.
-
The right was exercised by making a data subject access request
-
The data subject's rights to access to their personal data has been strengthened under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which repeals and replaces the DPA 1998
-
Given the advances in technology subject access requests are likely to be far more onerous than when originally introduced under the DPA 1998
-
The Information Commissioner's Office (ICO) has published a subject access code of practice which relates to subject access requests under the DPA 1998. An updated guidance is awaited reflecting the law under the GDPR and DPA 2018. The guidance can be read here
Current:
Login or subscribe (includes subscription information) to access the full content of this page.