The Information Commissioner’s Office (ICO) have published new guidance for employers dealing with Subject Access Requests, which highlight some common misunderstandings and mistakes.

 

Under the UK’s Data Protection Regulations, a Subject Access Request (SAR) can be submitted by anyone to obtain a copy of personal data that is held about them by an organisation, including where the information was obtained, who it is shared with, and what it is used for.

 

When SARs are requested by employees, they can relate to areas including sickness records, attendance records, reviews, or performance data.

 

There are strict timescales for responding, of one month. However, in complex cases this can be extended to 2 months.

 

Last year alone the ICO received more than 15,000 complaints relating to SARs.

The attached link details some useful information relating to SARs, SARs Q&A for employers | ICO.