On 21 October 2020, almost a year after the UK’s Information Commissioner Office (ICO) provided draft guidance on the right of access, the ICO published its updated guidance on data subject access requests (DSARs), available here (Guidance).

In a previous post available here, we covered what DSARs are and the principles areas of focus of the draft guidance.

So, what has changed? Overall, the Guidance provides more in-depth advice and further examples to help organisations understand how they can meet Article 15 of the General Data Protection Regulation (GDPR) requirements in handling DSARs.

There are, however, three particular areas of note, where the ICO provided further explanation.
Continue Reading ICO releases updated guidance on data subjects’ right of access

On 4 December 2019, the Information Commissioner’s Office (ICO) published draft guidance on data subject access requests (DSARs) (Guidance). This updated Guidance comes just 18 months after the current version was first published in April 2018. Previously, in June 2019, the ICO (here) criticised the Metropolitan Police for its handling of DSARs. The ICO also outlined some of the practical steps for responding to DSARs.

The new Guidance further recognises the importance of some of the issues organisations are facing when dealing with DSARs, while the consultation process seeks to refine this further by taking into account organisations’ experiences in dealing with DSARs made since May 2018, when the General Data Protection Regulation (GDPR) came into force.

Below, we take a look at some of the key, new provisions of the updated Guidance.Continue Reading ICO consultation on draft guidance on the right of access