Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are
interested in subscribing to our affordable
ABC compliance support package, please
email us at ABC@ukgigroup.com or
call UKGI on our dedicated ABC
contact line 01925 767893.

ICO issues new detailed subject access requests guidance

Oct 22, 2020 | ICO

Link(s): https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/blog-simplifying-subject-access-requests-new-detailed-sars-guidance/

Context

The ICO has published a blog introducing new right of access detailed guidance. The guidance was initially published as part of a consultation process in December 2019 and received over 350 responses from firms of varying sizes and sectors.

In the ICO’s view, the right of access is a cornerstone of data protection law and good SAR (Subject Access Request) compliance instils trust and confidence. The ICO notes that more and more people are becoming aware of the power of their personal data and are exercising their rights; making it increasingly important that businesses know how to deal with a SAR effectively and efficiently. The ICO believes that it is essential that organisations get SARs right, because people’s trust in how organisations use their personal data plays a role in their overall confidence and support.

Key points to note

The new guidance provides clarity on the three key points raised in feedback received as part of the consultation:

  • Stopping the clock for clarification – The ICO received feedback that indicated that seeking clarification on requests often didn’t leave enough time to respond. The guidance clarifies that in certain circumstances, the clock can be stopped whilst organisations are waiting for the requester to clarify their request.
  • What is a manifestly excessive request – In an effort to combat confusion over when to class a request as manifestly excessive, additional guidance has been provided and the definition has been broadened.
  • What can be included when charging a fee for excessive, unfounded or repeat requests – Feedback about the fee for staff time involved in responding to manifestly unfounded or excessive requests, or responding to follow-up SARs, has been taken into consideration and the guidance has been updated in respect of what organisations can take into account when charging an admin fee.
  • The guidance includes further clarity on previously published content and the addition of some new guidance.
  • The guidance aims to give firms more insight into how to deal with SARs and access the information quickly and easily.
  • The ICO is planning a suite of further resources including a simplified SAR guide for small businesses.

Next actions

Firms should consider the guidance against their existing SAR processes to ensure that requests are handled appropriately. Where any changes are implemented firms should ensure that relevant staff are given appropriate training on the revised processes.