ICO updates guidance on timescales for responding to data subject requests

Ben Spence

The Information Commissioner’s Office (ICO) has updated its guidance on timescales for responding to data subject individual rights requests. The guidance makes clear that, when calculating the one-month period for response, the day of receipt is day one rather than the day after receipt.

How long do you have to comply with a request?

You must comply with a request without undue delay and at the latest within one month of receipt of the request or (if later) within one month of receipt of:

  • any requested information to clarify the request;
  • any information requested to confirm the requester’s identity; or
  • a fee (only in certain circumstances).

You should calculate the time limit from the day you receive the request (whether it is a working day or not) until the corresponding calendar date in the next month.

If the corresponding date falls on a weekend or a public holiday, you have until the next working day to respond.

This means that the exact number of days you have to comply with a request varies, depending on the month in which the request was made.

The ICO have also published guidance on manifestly unfounded and excessive requests under the Guide to Law Enforcement Processing.

Link below to the ICO website with the updated guidance:

https://ico.org.uk/for-organisations/guide-to-data-protection/whats-new/

 

Ben Spence – HR Business Partner

Ben Spence

I am a confident and commercial MCIPD qualified HR Professional with over 15 years’ experience in Human Resources. Prior to joining Cook Lawyers I spent 3 years at Wigan and Leigh College as a HR Business Partner and 4 years providing a HR Service to Schools in Lancashire and Wigan through the local authority. I have a real passion to ensure employment issues are managed effectively and in a timely manner.