Has a member of your staff made a data subject access request or are they exercising any other right under data protection laws? EM Law are experts in dealing with individuals exercising their rights under data protection laws. Our lead data protection lawyer is Neil Williamson who has extensive experience in advising clients on a wide range of data protection matters.
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR ushered in a number of changes to data protection, including new and updated rights for individuals.
Individuals have a number of rights under the GDPR. These rights are:
The right of access gives individuals the right to obtain a copy of their personal data as well as other supplementary information. The right of access can help individuals understand how and why you are using their data and is often submitted in the form of a data subject access request.
Put simply, a data subject access request is a request that allows individuals to find out what personal data an organisation holds about them, why they hold it and who the information is disclosed to. For information to be personal data, it must relate to an identified or identifiable natural person. Such information, either on its own or in combination with other data, may include personal contact details about that individual, information about their appearance, or information about sick leave.
For a data subject access request to be valid, it must come from an individual or from someone acting on their behalf. Often, this will be a solicitor acting on behalf of a client but can also be a family member or a friend.
Individuals can make data subject access requests verbally or in writing. The ICO even suggests that individuals can make data subject access requests through social media sites such as the organisation’s Facebook or Twitter. A data subject access request does not have to include the phrase ‘subject access request’ or refer to Article 15 of the GDPR, as long as it is clear that the individual is asking for their own personal data.
To avoid inadvertently disclosing personal information to the wrong person, an organisation should first seek to establish that the individual making the data subject access request is who they say they are. If there are doubts, organisations can request proof of ID or request proof of a relationship with the individual.
In addition to a copy of an individual’s personal data, organisations must provide other information. This information includes the retention period for storing the data, the individual’s right to request erasure of their data, and the safeguards in place when their data is transferred to an international organisation.
Organisations should be mindful where an individual’s personal data includes information about other individuals. The Data Protection Act 2018 states that an organisation does not have to comply with a data subject access request if it means disclosing information about other individuals unless the other individual has consented to the disclosure or it is reasonable to comply with the request without that individual’s consent. In determining whether it is reasonable to comply, there are a number of factors that should be taken into consideration. These include the type of information being disclosed, any duty of confidentiality owed, and any express refusal of consent. If the other individual does not give their consent and it is not reasonable in the circumstances to disclose the data without their consent, an organisation should consider removing or redacting the data about that other individual.
The ICO has a range of enforcement tools available to it under the GDPR including issuing warnings, notices, ordering compliance and imposing fines. These fines can be very large; up to 20 million euros or, if higher, 4% of an organisations worldwide annual turnover.
If you are looking for assistance with a data subject access request or more generally with individuals exercising their rights under data protection laws contact Neil Williamson.
"Neil and his team have undertaken several items of legal work covering contracts, agreements and share option schemes for IMC Worldwide... View More Testimonials"
Gavin English MD IMC Worldwide Ltd
"Neil at EM Law advised us with regards to GDPR. He was thoughtful and thorough.... View More Testimonials"
COO of a Strategic Communications Agency
"I want to thank Neil at Emerging Law for his support and guidance whilst I have been setting up my own business. He has talked me through the step by step stages and legalities involved so that I can make informed decisions about my business approach... View More Testimonials"
Ayshen Ali founder Attainers Limited
"I felt incredibly fortunate to have come across Imogen. She was fantastic at helping at every juncture... View More Testimonials"
SM, Recruitment Manager
"Neil and Lauren were both very helpful in drafting contracts I needed for my firm... View More Testimonials"
Alex Mosley, Director Perrygate Property Limited
"Neil and Helen provided us with an employment contract and terms and conditions of business. We found Neil and Helen to be extremely informative and helpful throughout the process... View More Testimonials"
Grant Lambert MD Honor Search (Digital Recruitment)
"Neil Williamson, I cannot thank enough for his work and legal advice, which had brought the great result.... View More Testimonials"
"Neil was brilliant, patient and thorough guiding me through queries setting up my business to be compliant.... View More Testimonials"
Kate York, Photographer
"Neil and I worked alongside each other for several years securing software business overseas for Crown Agents... View More Testimonials"
Nick Small Director Nick Small Consulting
"What can I say about Imogen? She was the shining star in what was a very difficult time for me.... View More Testimonials"
VR, Nutritional Chef and Culinary Manager
"Imogen....has a very personable approach and is succinct in her communication. I would highly recommend her... View More Testimonials"
KE, Development Manager
"Imogen has always given me sound, objective and carefully considered legal advice.... View More Testimonials"
MB, Senior Sponsorship Manager
"Thank you for all your help with the matters regarding my company, you have been thorough in all aspects to the finer detail... View More Testimonials"
John Taylor Director Glo-bell London Ltd
"Neil is able to address complex issues, give us advice that we can follow and come up with creative solutions... View More Testimonials"
Ismet Yucetas CEO Middle East Air Drilling Services
"Imogen is a fantastic employment lawyer. Clear, supportive and very skilled in her area.... View More Testimonials"
LC, Director at a Management Consultancy
"Neil helped us structure, negotiate and put in place our first client software-as-a-service contracts. His technical and commercial advice was invaluable - he understands exactly where we are coming from... View More Testimonials"
Lena Rosenior CEO De Graft Management Ltd
"Cardno has worked closely with EM Law since 2013. The advice and support provided to our business by EM Law has been of a high quality, relevant to our requirements and more importantly helped us to make the appropriate decisions that have contributed to the success of our business... View More Testimonials"
George Mukkath Managing Director Cardno Emerging Markets (UK) Ltd
"We have been working with Neil for many years now, more recently on a retained basis because he has become someone we trust and who understands our business requirements. ... View More Testimonials"
Rupert Wood CEO Wasteland Ski Ltd
"We have worked with Neil and his colleagues on a number of different company issues including business acquisitions, client contract and employment matters... View More Testimonials"
Dave Dadds CEO DRD Communications Ltd
"Starting a new venture, within a new country......I needed someone who could understand the complexities and culture of the venture...... View More Testimonials"
Maren Koros CEO Afyacore
"EM Law have supported Anexsys with a number of legal issues, ranging from drafting complex IT contracts to developing conflict policies and advising on a range of complex multi-jurisdiction legal issues... View More Testimonials"
Rob Crowley MD Anexsys Ltd
Can We Help You?
We are here to help with any of your questions.
Just click "Yes" below.
Please enter your question below
Please enter your name and email address so than we can send you a response
Thank you for sending us your question. We will contact you shortly to discuss this.
Sorry, there is a technical issue. Please contact us by telephone: 0203 637 6374