Read full title
Q&As
Handling data subject requests—if I request further identity information, when does the clock start ticking?
Published on: 13 November 2020
The UK General data protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data portability and a right to object to processing, with strict time limits for complying.
Under the GDPR, you must respond to a data subject request without undue delay and in any event within one month of receipt of the request.
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You must inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. See Q&As: What makes a data subject access request ‘complex’?, How long do I have to comply with a data subject request? and How do I calculate the time limit for responding to a data subject request?
One of the first steps on receiving a data subject request
Get your quote today and take step closer to being able to benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 36 practice areas
Get a LexisNexis quote
* denotes a required field
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Data subject definition
What does Data subject mean?
Under the GDPR, an identified or identifiable natural person. The concept is key to determining what is personal data (ie information relating to a data subject) and which persons have rights under the GDPR.
CONTACT US
