Data Subject Access Requests (DSAR)
DSARs for Employers
The receipt of a Data Subject Access Request (DSAR) from an employee or ex-employee can provide significant challenges for any business.
With only one month to meet your legal obligations to evaluate a potentially enormous quantity of emails and other digital records, it’s not uncommon for an organisation to feel somewhat overwhelmed.
How Loch Associates Group can help
Our dedicated DSAR specialists at Loch Associates Group have extensive experience dealing with data protection legislation, and can provide the necessary guidance and assistance to ensure you comply with a Data Subject Access Request.
In order to help minimise the time, stress and any disruption to your business, we can:
- Review all the necessary documents, messages and records
- Determine what personal data needs to be disclosed
- Redact sensitive information that’s not pertinent to the DSAR request•
- Take care of the entire process for you
With our expertise in data protection law, we can also minimise your costs and legalities. This ensures that the handling of your DSAR request is not just fully compliant, but also cost effective.
“The people from Loch Associates Group were always friendly and professional and were happy to help with all subsequent queries.
We have no hesitation in continuing to work with them to ensure our continued compliance”
Data Protection Officer, Accountancy Practice
Should I handle a Data Subject Access Request in-house?
While DSAR requests can be carried out internally, there are a number of things to consider first:
- Using staff that may lack expertise in handling data requests can increase the possibility of releasing sensitive data about a client or other individuals – resulting in a potential breach of the Data Protection Act
- If a senior staff member is required to handle the request, you need to consider their time and the potential impact on the business by involving them
- If a junior member of staff is required to handle the request, they may have access to potentially sensitive data about their colleagues or managers and may not fully appreciate what they need to do
By working with Loch Associates Group you can can not only ensure that your Data Subject Access Request meets your legal obligations, but that you and your team are able to focus on your business objectives.
What is a Data Subject Access Request (DSAR)?
Current data protection law specifies that any individual can make a written request to access a copy of any and all personal data held about them by an organisation. This request is known as a Data Subject Access Request (DSAR).
In the case of an employee making a DSAR to their employer, this can entail processing not only payroll and personnel information, but also potentially years of internal emails, documents, telephone records, CCTV records, electronic memos and other materials.
A business in receipt of a Data Subject Access Request is required under the Data Protection Act 2018 to respond within a month- or it could face fines in the hundreds of thousands of pounds.
Responding to a DSAR
Responding to a DSAR will usually comprise:
- Verifying the identity of the individual making the request and ensuring that the business does not share personal data with the wrong person
- Confirming the existence of personal data that is held and processed by the organisation
- Providing descriptions of this data, the reasons for its processing and whether it is to be shared with any other entities
Producing copies of any and all information that comprises the personal data
- Disclosing the source(s) of the personal data, where applicable and available
Data released in response to a DSAR cannot contain sensitive personal information about other individuals than the originator of the request, and so all records released must be processed to redact data that should not be shared. If the Data Subject Access Request is fulfilled incorrectly and the wrong records are released, the individual behind the request can use this against the organisation and file a complaint with the ICO.
We can make your life easier by handling your DSAR requests.
“ The speed of their service levels combined with high quality advice always exceeds our expectations and as a result we have been a satisfied client of the firm for over 7 years. I would not hesitate to recommend Loch Employment Law to any business.” Operations Director, Professional Services
“Thanks for all your help. Very impressed how you pressed the negotiations forward on Wednesday to allow us to reach a quick resolution.”App Developer
“Being a new employer can be very daunting but you gave me the confidence to forge ahead with the process always explaining things in a straight forward manner.” Dave Mac, Employer