‘A Practical Guide to Managing GDPR Data Subject Access Requests – Second Edition’ by Patrick O’Kane
Second Edition including updated case law and legal references.
How should your company or law firm respond to requests from people who want to access their personal data?
GDPR gives individuals the right to access and seek a copy of all of the personal data your company holds on them. This may include access to emails, call recordings, CCTV footage and any other record containing their personal data.
A study showed that companies spend up to £1.58 million per year dealing with GDPR Data Subject Access Requests (‘DSARs’/’Access Requests’). The Information Commissioner’s Office receives more complaints on Access Requests than any other issue.
Access Requests are a legal minefield. If Access Requests are mishandled, they can leave companies open to fines, litigation and reputational damage.
This concise practical guide explains how to comply with Access Requests under GDPR. The book explains how to:
- Recognise Access Requests
- Understand the UK data protection framework post-Brexit
- Comply with the rules and time limits on Access Requests
- Find the personal data
- Redact the personal data
- Understand the exceptions to Access Requests
- Assess how legal professional privilege impacts Access Requests
- Deal with Access Requests from your own employees
- Draft a staff policy on Access Requests
- Train Staff on Access Requests
- Deal with other GDPR rights such as the ‘Right to Erasure’
- Draft responses to employees and clients seeking access to their personal data
This book aims to put your company on the right side of GDPR Data Subject Access Requests.
ABOUT THE AUTHOR