How to

Go to section

This is a preview. To continue reading, register for free access now. Register now or Log in

How to respond to subject access requests from employees under the UK GDPR

Author: Jo Broadbent

Summary

Click on any of the hyperlinks to go to more detailed guidance below.

Be aware that employees have the right under the UK GDPR to ask employers for copies of personal data relating to them.
Implement policies and procedures for dealing with subject access requests that reflect the requirements of the UK GDPR.
Ensure that all subject access requests are identified.
Check the identity of the data subject if necessary.
Take steps to clarify the scope of the subject access request.
Consider if the request is manifestly unfounded or excessive.
Assess where the relevant data is held.
Carry out the searches required to assemble the relevant personal data.
Assemble all the required information.
Provide the data to the employee.
Maintain records of subject access requests.

Read more items tagged with the same topics

Managing employees/workers
- Data protection
  - Data subject access requests

Manage your tracked topics>

About this resource

Status: This resource is kept under review and updated in line with developments.
Updates: Updated to reflect the ICO's guidance on fees to cover the cost of responding to manifestly unfounded or excessive requests.

Templates

The following policy statements* will be included in your export:

When To Include