Subject access requests: New challenges arise from Covid-19
Rebecca Cousin and Cindy Knott of Slaughter and May discuss the ICO’s draft guidance, and how to manage DSARs in the current environment.
Although the ongoing Covid-19 situation has forced organisations to operate differently than previously, there are a number of areas that continue to be challenging, and yet must still be dealt with. One such area is that of data subject access requests (DSARs). Typically, employee DSARs present bigger challenges than customer ones. Reasons for this include the amount of data that will need to be searched, the fact that the data is often spread across systems and that it is inevitably co-mingled with data about other individuals. Whilst some organisations have seen a decrease in DSARs being submitted during the pandemic, others are noticing a definite increase, most likely as a result of the many decisions being taken around redundancies, furloughing, pay cuts, laying off staff, sick leave and sick pay and other employment-related issues. With this in mind, it is helpful to revisit some of the areas controllers often struggle with and to consider how the draft guidance published by the ICO in December 2019 on the Right of Access (the “draft guidance”) addresses them.(1)