Home » News » UK Information Commissioner’s Office has published detailed guidance on the Right of Access.
subject access request

UK Information Commissioner’s Office has published detailed guidance on the Right of Access.

The right of access is a fundamental right under data protection law. And it has never been more necessary. In a world where personal data is used almost everywhere – by everyone – it’s vital that people have the right to be able to find out what’s happening to their information.

More and more people are waking up to the power of their personal data, and are exercising their rights. That’s why, as an organisation, it’s important that you know how to deal with a subject access request (SAR) effectively and efficiently.

The right of access detailed guidance that ICO has published today will help you to do that.

Main clarifications were done on the three key points raised.

  1. Stopping the clock for clarification – one issue which we received a lot of feedback on was that seeking clarification on requests often didn’t leave enough time to respond. As a result, our position now is that, in certain circumstances, the clock can be stopped whilst organisations are waiting for the requester to clarify their request.
  2. What is a manifestly excessive request – to combat confusion over when to class a request as manifestly excessive, we’ve provided additional guidance to help and broadened its definition.
  3. What can be included when charging a fee for excessive, unfounded or repeat requests – we’ve taken the feedback on board about the fee for staff time involved in responding to manifestly unfounded or excessive requests, or responding to follow-up SARs, and have updated what organisations can take into account when charging an admin fee.

ICO is planning to add more supportive resources like a simplified SAR guide for small businesses which picks out the key ‘need-to-knows’ from the detailed guidance.

The right of access is a cornerstone of data protection law and good SAR compliance instils trust and confidence. That’s why it’s essential that organisations get this right, because people’s trust in how organisations use their personal data plays a role in their overall confidence and support for your services.

Original article: ICO

Photo by Ron Dyar on Unsplash.

Subscribe to our Newsletter

Your e-mail address is only used to send you our newsletter and information about the activities of GDPR Register. You can always use the unsubscribe link included in the mail.

Latest News
The Estonian data protection startup is utilizing artificial intelligence to comply with GDPR requirements
GDPR Technology

The Estonian data protection startup is utilizing artificial intelligence to comply with GDPR requirements

April 22, 2024
The new directives from the European Union are making life more difficult for Estonian entrepreneurs again
GDPR Personal Data

The new directives from the European Union are making life more difficult for Estonian entrepreneurs again

March 13, 2024
CEO of a privacy startup: The year brings significant changes in the field of data protection
Cyber Security GDPR Personal Data

CEO of a privacy startup: The year brings significant changes in the field of data protection

March 13, 2024
Introducing Marit Kesa – GDPR Register’s new Sales and Customer Success Manager
GDPR Personal Data Privacy Data Breach Technology

Introducing Marit Kesa – GDPR Register’s new Sales and Customer Success Manager

February 19, 2024
New record for GDPR fines: over four billion euros in penalties
Fines GDPR Personal Data Technology

New record for GDPR fines: over four billion euros in penalties

October 31, 2023
Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts