On October 21, 2020, the Information Commissioner’s Office (ICO) published guidance on subject access requests (SARs), aiming to provide more detailed information and address specific practical concerns so organizations can handle the requests effectively and efficiently.

Register for our webinar, ICO Releases DSAR Guidance: What You Need to Know, to learn more

As the use of personal data continues to increase, more people are exercising their rights in relation to their data, so ensuring that individuals have access to their personal data is becoming an increasing priority for organizations. Fortunately, it doesn’t need to be complicated!

Aimed at DPOs, the ICO’s guidance provides clarity on the nature of access rights, how to prepare for SARs, how to respond, and exemption classifications. There are also sections dedicated to the right of access to health, education, and social work data, addressing the nuances of those sectors.

What Have the ICO Clarified?

This latest guidance from the ICO aims to support organizations fulfill their SARs responsibilities with detailed information around all areas of the SARs process. The ICO notably provided clarity on four key issues that were highlighted in their December 2019 consultation.

This in-depth guidance on SARs is a helpful step forward for organizations working towards an effective SARs process. The ICO is also planning to release additional resources including simplified SAR guidance for small businesses, so that’s something to watch out for!

Building a strong process around access requests is a vital part of any compliance program, it helps instill trust in an organization and therefore is key to a successful relationship with users. For information on how you can build a strong SARs process register for our webinar, ICO Releases DSAR Guidance: What You Need to Know.