This information is called ‘personal data’. All employees can make a Data Subject Access Request ‘DSAR’, at any time, and a refusal to comply can attract serious sanctions from the Information Commissioners Officer.
DSARs are most commonly used to gain access to information which will help them raise a grievance or to launch further legal action against their employer. Whilst this was not the intended purpose for a DSAR, this right of access to personal data is enshrined in EU law and applies to any organisation – not only employers. It is therefore irrelevant if the employee fails to give a reason for their request, all that matters is that they have made one. It is important to note that there is no longer any fee to be paid by the employee when making the request.
A typical Data Subject Access Request ‘DSAR’ will usually request a description of the personal data, the reasons it is being held and whether any outside organisations have access to it. Often, employees will also want copies of the documents which contain the data.
These requests can be stressful to manage, particularly if you are not familiar with the legislation governing them. It is often left to human resources to oversee the disclosure of the information and this can lead to hours of wasted management time. In some cases, it can also lead to employers over disclosing, and providing access to information that the employee is simply not entitled to.
How do you respond to a data subject access request?
Our employment team understand data protection legislation and is highly experienced in handling complex DSARs for employers of all sizes throughout the UK. We aim to assist your business in a way which complies with the law and protects the rights of the employee without compromising confidential business information.
Steeles Law has developed a fixed fee retainer service for taking all of the stress out of receiving such requests. The service entails:
- Drafting all correspondence to the data subject: initial response, extension of time letters, final disclosure, confirmation of steps taken and nature/sources of data held in compliance with the legislation
- Liaising with IT department to identify appropriate search terms to collate data
- Filtering that data to assess and remove disproportionate/privileged/otherwise non-disclosable documents
- Undertaking full electronic redaction service on all disclosable documents, using specialised redaction software to minimise ability of data subject to remove redaction
- Secure cloud storage of redacted data ready for your team to disclose to data subject.
Our employment team understand data protection legislation and are highly experienced in handling complex DSARs for employers of all sizes throughout the UK. We aim to assist your business in a way which complies with the law and protects the rights of the employee without compromising confidential business information.
If you receive a Data Subject Access Request ‘DSAR’, or better yet are reviewing ways to best protect your business when you next receive DSAR’s, contact our dedicated DSAR team to discuss how we can solve your concerns for you with our specialised service at a fixed cost. Contact the Steeles Law Employment team on 01603 598000 or email firstname.lastname@example.org. Appointments are available at our Diss, Norwich and London offices or at your offices by appointment.
Keep informed and in the loop
Changes in the law can impact on your day-to-day business and it’s important to keep yourself and your managers in the loop. For regular updates, please sign up for our e-news.