Skip to Main content

Search results for ''...


Sorry, there were no results

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

  • Overview

    Back in December of 2019 the Information Commissioner’s Office (ICO) held a consultation outlining guidance for dealing with Data Subject Access Requests (DSARs.) DSARs are requests from individuals asking organisations what personal data they are using and/or storing about them. An individual’s right to access, amend, transfer and erase the personal data and organisation holds about them are fundamental principles of the General Data Protection Regulations (GDPR.)

    Recently the ICO published a new guide clarifying key information, including how organisations should respond to these requests.

    According to the guide, organisations must respond as soon as possible to a DSAR, however they may take up to no more than one calendar month from the day the request is received. If the request is particularly complex or many are received at one time, the organisation may take a maximum of three calendar months to respond. The guide also outlines that the time limit can be paused if the individual does not specify what personal information they would like access to or if the request is amorphous and vague. At this point, the organisation can contact the requester and ask for clarification.  The time limit resumes when the request is clarified. It is important to note that organisations must only ask for clarification if it is necessary in order to respond or if there is a large amount of information to process.

    A company can refuse to respond to a DSAR outright if it is believed to be manifestly unfounded or excessive. Adequate proof must be provided to deny a request, but this could include:

    • the individual stating they intend to cause disruption by making the DSAR
    • the individual inferring they are targeting a particular employee
    • the individual frequently makes multiple complex requests, without a clear rationale.

    The organisation must consider DSARs on a case by case basis and must not apply a blanket disregard. Alternatively the guide also states that the organisation can agree to respond to potentially unfounded or excessive requests for a fee. The charge should be proportionate to that of staff time and equipment used to fulfil the request.

    It is worth noting that the requirement to respond to DSARs is not limited to commercial organisations. Charities, not-for-profit, public authorities and educational establishments are all required to comply with requests and the time limits regardless of their resources to do so. However, it may be possible to make use of the extension of time if an organisation encounters complexity in replying as a function of its nature, for example, if the organisation is managed by volunteers or has lower staffing levels during holiday periods.

    With this new guide, the ICO have thoroughly clarified their information and standards on how companies should respond to DSARs. More details and advice can be found on the ICO Website.

  • Related Services

    Commercial

    We draw on our extensive legal, commercial and industry expertise when working with you to achieve your strategic objectives.

    Data protection, GDPR and privacy

    Data protection and privacy law is a complex and fast-changing area with international differences adding an extra layer of complexity. 

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

^
Jargon Buster