On 24 May 2023, the Information Commissioner’s Office (ICO) published guidance on subject access requests (SARs) for businesses and employers
The article is titled, “SARs Q&A for employers” alongside a blog.
The right of individuals to access their own personal data that organisations hold is contained in the UK GDPR and Data Protection Act 2018. If organisations fail to respond to SARs promptly, or at all, they can be subject to fines or a reprimand from the ICO.
The ICO received over 15,848 complaints relating to SARs from April 2022 to March 2023. Elanor McCombe, Policy Group Manager at the ICO, commented that “many employers are misunderstanding the nature of subject access requests, or underestimating the importance of responding to requests”.
The ICO is publishing draft guidance in stages. It is currently analysing responses to its consultations on workers’ health information and monitoring at work. The ICO is expected to release further draft guidance, most likely in relation to recruitment and selection and employment records as well as checklists and accompanying tools.
SARs Q&A for employers | ICO
James Williams