• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to primary sidebar
  • Skip to footer

Yorkshire's Employment Law & Data Protection Specialists

  • Home
  • About
    • About us
    • Brian Harrington
    • Nathan Combes
  • Services
    • Employment Law & HR Advice
    • Settlement Agreements
    • Data Protection
    • Training
    • Price transparency
  • Legal updates, news & events
  • Contact us
  • Search
  • Home
  • About
    • About us
    • Brian Harrington
    • Nathan Combes
  • Services
    • Employment Law & HR Advice
    • Settlement Agreements
    • Data Protection
    • Training
    • Price transparency
  • Legal updates, news & events
  • Contact us
  • Search

Data Protection | ICO issues fresh guidance regarding time limits for dealing with Data Subject Access Requests

You are here: Home / Data Protection | ICO issues fresh guidance regarding time limits for dealing with Data Subject Access Requests

23rd January 2020 //  by curcom76

The Information Commissioner’s Office (ICO) has recently amended its General Data Protection Regulation: Right of access guidance on the time limits for compliance with a data subject access request (DSAR).

Key changes

The ICO’s amended guidance confirms that when a data controller requests clarification from an individual making a subject access request, the start of the one-month time period for compliance will no longer be paused until after the controller receives the requested information. Similarly, the extended timescale (of up to two further months) for responding to complex or multiple DSARs will also no longer be paused.

It’s important to note that the new timescale for responding to a DSAR will begin to run from the date that the DSAR is received or, if later, upon receipt of proof of the individual’s identification. This is an important change from the previous regime which paused the time period for compliance until the controller received any information sought from the individual.

What does the revised ICO guidance say?

The ICO’s revised Right of Access guidance now says:

“If you process a large amount of information about an individual, you may ask them to specify the information or processing activities their request relates to before responding to the request. However, this does not affect the timescale for responding – you must still respond to their request within one month. You may be able to extend the time limit by two months if the request is complex or the individual has made a number of requests”.

Practical issues

One clear area of concern is where the individual making the subject access request delays in providing the additional information that the controller has requested. This could have a knock on effect and make it more difficult for controllers to collate their response to the subject access request in time.

Companies and organisations may wish to note that whilst neither the GDPR nor the Data Protection Act 2018 specifically require data subjects to complete a subject access request form, the existence of such a form may enable controllers to receive the information needed to respond to a subject access request in a timely and comprehensive fashion whilst also limiting the potential for businesses and organisations to fall foul of the existing regulations.

Please contact us if you’d like more information about the issues raised in this article and/or or to find out more about the various Data Protection related policies, procedures, guidance and training that we provide.

You May Also Be Interested In:

Employer Update | Furlough Leave & Pay

Employer Update | TUC demands employers produce coronavirus (COVID-19) risk assessments

Employer update | Homophobic statements & discrimination in employment

morrisons supermarket vicarious liability

Who’s legally responsible when an employee “goes rogue”

Employer Update | Government announces new statutory right to neonatal leave and pay

covid-19 coronavirus graphic

Employer Update | COVID-19 (Coronavirus) & Data Protection

Data Protection | Understanding Brexit and the GDPR

Employer Update | Handling Disciplinaries

Data Protection | ICO issues fresh guidance regarding time limits for dealing with Data Subject Access Requests

Previous Post: « Employer Update | Whistleblowing
Next Post: Employer Update | Handling Disciplinaries »

Primary Sidebar

NEWS & EVENTS

Employer Update | Furlough Leave & Pay

Flexibility The Government has now confirmed that from 1 …

Employer Update | TUC demands employers produce coronavirus (COVID-19) risk assessments

The Trades Union Congress ("TUC") has demanded that all …

Employer update | Homophobic statements & discrimination in employment

The European Court of Justice ("ECJ") has confirmed that …

morrisons supermarket vicarious liability

Who’s legally responsible when an employee “goes rogue”

In a landmark decision the Supreme Court has confirmed that the …

Employer Update | Government announces new statutory right to neonatal leave and pay

The government has confirmed that a new statutory right to up to …

Footer

Our Lawyers

  • Brian Harrington
  • Nathan Combes

Our Offices

BRIGHOUSE
19 Bradford Road
Brighouse
HD6 1RW
Tel: 01484 240633

 

YORK
The Studio
30 Acomb Road
York YO24 4EW
Tel: 01904 238896

 

CLECKHEATON
27 Northgate
Cleckheaton
BD19 3HH
Tel: 01484 240633

Contact Us

Contact us today – find out how we can help you.

  • Privacy Notice
  • Website Terms & Conditions
  • Complaints Procedure

Site Footer

Harrington Law is a trading name of Harrington Law Limited which is a limited company registered in England and Wales  with registered number 11651440 whose list of directors is available for inspection at its registered office which is 19 Bradford Road Brighouse West Yorkshire.  Harrington Law Limited are solicitors of England and Wales authorised and regulated by the Solicitors Regulation Authority under SRA number 666091.  Details of the Solicitors Code of Conduct can be found at www.sra.org.uk.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT