DPDI Bill’s proposed changes offer modest support for subject access compliance burden

The Data Protection and Digital Information Bill (DPDI), currently before the House of Lords, includes several proposals relevant to controllers handling subject access requests. By Sally Annereau of Taylor Wessing.

The subject access right is a cornerstone of UK data protection law. The ability to access their personal data enables individuals to identify issues or concerns about how their personal data is processed by controllers and, in turn, informs the exercise of other important rights, such as obtaining the correction or erasure of personal data.

Subject access requests (SARs) are common in the UK and there has been a growing tendency for the right to be misused in ways that can place unnecessary administrative and financial burdens on data controllers. Examples include requests made in anger or spite, in the context of an unfounded complaint, or to apply further pressure to a controller when seeking a favourable settlement outcome for an unrelated dispute.

Continue Reading

International Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.