27 June 2023

The information commissioner’s office (ICO) has released a Q&A page detailing a number of aspects about subject access requests (SARs) for employers.

As payroll professionals we need an understanding of the UK general data protection regulations (UK GDPR) and how we must comply with SARs. It may not be you completing the response, but you may need to collect some data and provide information to your data compliance officer.

The Q&As cover some important areas and provide examples to help clarify the rules. These areas include:

  • what format do requests need to be in?
  • can information be withheld?
  • do you need to disclose non work-related personal information?
  • what happens if a worker isn’t happy with a response?

The guidance also dives into the meanings and interpretations of ‘manifestly unfounded’ and ‘manifestly excessive’ as reasons for withholding or denying information. These factors can be key when dealing with spurious or malicious requests.

ICO stated that they received over 15,000 subject access complaints last year alone, showing that this can be a complex area that employers struggle to satisfy individuals with. Making sure you understand how a SAR is supposed to be completed will go along way to ensuring compliance and avoid and fines or reprimands.

Information provided in this news article may be subject to change. Please make note of the date of publication to ensure that you are viewing up to date information.