New record for GDPR fines: over four billion euros in penalties
Data protection authorities in Europe are gaining confidence and competence, which is reflected in the statistics of penalties for violators. […]
Articles
UK Information Commissioner’s Office has published detailed guidance on the Right of Access.
The right of access is a fundamental right under data protection law. And it has never been more necessary. In a world where personal data is used almost everywhere – by everyone – it’s vital that people have the right to be able to find out what’s happening to their information.
More and more people are waking up to the power of their personal data, and are exercising their rights. That’s why, as an organisation, it’s important that you know how to deal with a subject access request (SAR) effectively and efficiently.
The right of access detailed guidance that ICO has published today will help you to do that.
Main clarifications were done on the three key points raised.
- Stopping the clock for clarification – one issue which we received a lot of feedback on was that seeking clarification on requests often didn’t leave enough time to respond. As a result, our position now is that, in certain circumstances, the clock can be stopped whilst organisations are waiting for the requester to clarify their request.
- What is a manifestly excessive request – to combat confusion over when to class a request as manifestly excessive, we’ve provided additional guidance to help and broadened its definition.
- What can be included when charging a fee for excessive, unfounded or repeat requests – we’ve taken the feedback on board about the fee for staff time involved in responding to manifestly unfounded or excessive requests, or responding to follow-up SARs, and have updated what organisations can take into account when charging an admin fee.
ICO is planning to add more supportive resources like a simplified SAR guide for small businesses which picks out the key ‘need-to-knows’ from the detailed guidance.
The right of access is a cornerstone of data protection law and good SAR compliance instils trust and confidence. That’s why it’s essential that organisations get this right, because people’s trust in how organisations use their personal data plays a role in their overall confidence and support for your services.
Original article: ICO
Photo by Ron Dyar on Unsplash.
