Updated Guidance from the Information Commissioners Office
Updated guidance for subject access requests
The Information Commissioners Office has issued updated guidance for the timings for compliance with subject access requests (SAR) following a ruling by the Court of Justice of the European Union.
Organisations receiving subject access requests have one month to respond from receipt of the SAR but should note that “the timescale has now changed to reflect the day of receipt as ‘day one’, as opposed to the day after receipt”.
“For example, a SAR received on 3 September should be responded to by 3 October”.
Retaining Personal Data
The ICO has issued a warning for those that deal with personal details of others in the course of their work and to ensure that when retiring or moving to a new role that individuals understand the implications of the Data Protection Act 2018.
The warning is issued following the conclusion on an investigation into the actions of two former Metropolitan Police Service (MPS) officers, where the former officers had spoken to the media about a case they had worked on as serving officers involving an MP.
Under the DPA 2018 it is still unlawful to retain or disclose personal data acquired in the course of employment and also includes a new element that is unlawful to knowingly or recklessly retain personal data without the consent of the data controller.
Employers are advised to consider policies particularly in relation to where personal data is kept and ensure policies are in place to cover procedure on exit from a role, such as disposal of notebooks and other such items.
Posted on 1 October, 2019 by Ortolan