Read full titleNews 4
Q&As
How do I calculate the time limit for responding to a data subject request?
Published on: 05 December 2019
The General data protection Regulation, Regulation (EU) 2016/679 (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to processing and a right not to be subject to a decision based solely on automated processing, including profiling, with strict time limits for complying.
You must respond to the data subject without undue delay and in any event within one month of receipt of the request, or within one month of receiving:
- •
any information you have requested to confirm the requester’s identity
- •
any fee you have charged
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You must inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. See Q&As: What makes a data subject access request ‘complex’? and How long do I
Get your quote today and take step closer to being able to benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 36 practice areas
Get a LexisNexis quote
* denotes a required field
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related documents:
- Challenges presented by the GDPR in its first year in the employment context
- Court of Appeal rules on LPP and ‘relevant filing system’ under DPA 1998 (Dawson-Damer and others v...
- Data Protection Day—security and breach notification and the GDPR
- Data subject access requests—what about employees’ personal mobiles?
Precedents 6
- Data protection privacy notice (recruitment)
- Notice to controller—data subject request for erasure of data—where data has been made public
- Notice to data subject—right to restriction of processing—lifting restriction
- Notice to third party—data subject request for rectification, erasure or restriction of processing o...
- Response to data subject request—right to object—unable to comply with request
- Response to data subject request—right to restriction of processing—able to comply with request
Q&As 2
Key definition:
Data subject definition
What does Data subject mean?
Under the GDPR, an identified or identifiable natural person. The concept is key to determining what is personal data (ie information relating to a data subject) and which persons have rights under the GDPR.
CONTACT US
