BIP Features »

August 16, 2019 – 7:00 am |

A Midlands shipping firm is the driving force behind a pioneering UK company which specialises in luxury trike conversions.
Global Freight Services has added Telford based AA Trikes to its growing portfolio of clients and is …

Read the full story »
BIP business guides & tools

Please register/login to access content

BIP Access to Finance

Access to Finance,Grants & Business Support

BIP Features

West Midlands business highlights, opportunites and networking

Bips and Pieces

All the best from the web handpicked out by our team, including the World of tech

Business News

Latest West Midlands news affecting your business

Home » Business News, News in Brief

Joined-up approach vital for data requests…

Submitted by on August 14, 2019 – 7:00 am |

Susan Hall

Susan Hall

The number of subject access requests (SARs) has increased massively since the implementation of the General Data Protection Regulation (GDPR) in May 2018, says Susan Hall, partner at Clarke Willmott LLP.

SARs allow people to request what information an organisation holds about them and why it is holding this information – for instance if a person fears they are being blacklisted when they are applying for jobs, or believe they are being treated unfairly, or discriminated against in some way.

Mishandling a SAR, either by failing to respond in a timely manner or by failure to disclose relevant material or disclosing inappropriate material, can be a very costly mistake.

“The arrival of a SAR may be just the start of a number of legal issues for a business, says IT and information technology specialist Susan.

“Where matters have become potentially litigious it is vital to make sure that a joined-up approach is used for all communications with the potential litigant.

“Even when there is no direct threat of litigation, SARs should always be dealt with centrally and consistently, and with management and legal input into the process.”

Anyone can make a SAR, but says Susan, they are most often made by people who have a grievance and/or are looking for evidence on which they can base a claim.

“Having strict data protection policies, systems and procedures in place will make it much easier to comply with SARs appropriately.

“These should cover the whole stage of the data journey with policies on use of business systems and on data minimisation, and with information held in a clear, accessible and identifiable location. 

“Businesses should have systems to identify when a SAR has been made, especially since there is no prescribed way of making one. They can be made over the phone or by social media.

“Policies should make it easier to find relevant data to comply with a SAR, but with vast volumes of personal data appearing on a request, specialist analysis and review platforms may need to be used to comply within relevant time limits.”

Susan says any SAR demand must to be dealt with promptly – 30 days for answering and providing the data requested, with limited rights to extend by two further 30-day periods.

It is a criminal offence once a subject access request has been made to destroy, delete, conceal or erase data to which the requester would otherwise have been entitled.

Susan Hall’s expertise includes working with a wide range of clients ranging from government departments and universities, to multi-nationals, owner-managed businesses and start-ups.

For more information contact:

Clarke Willmott LLP is a national law firm with seven offices across the country including Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton.

Go to the main page

Tags: , , , , , , , , , ,

Leave a comment!

You must be logged in to post a comment.

We use Cookies - By using this site or closing this you agree to our Cookies policy.
Accept Cookies