Data Protection – a practical guide to handling subject access requests
A practical outline of the data protection regime with a focus on an individual’s right to access personal data (Subject Access Request).
- The Data Protection Regime – the Data Protection Directive and Data Protection Act 1998
- Consequences of non-compliance – enforcement of the DPA regime and the Information Commissioner’s powers
- Consequences of non-compliance – civil actions by individuals, compensation and criminal liability
- Subject Access Requests in employment and their scope – entitlements of an individual making an SAR
- Information covered by Subject Access Requests and types of data – Is it data? Is it personal data?
- Validity of Subject Access Requests, making your response and information to be provided
- Third party information
- Exempt data in the employment context
- Health records
- Subject Access Request checklist