How do you enforce a subject access request?

read titleRead full title
Published on LexisPSL on 20/02/2019

The following Dispute Resolution Q&A provides comprehensive and up to date legal information covering:

  • How do you enforce a subject access request?
  • Limitation

How do you enforce a subject access request?

This Q&A considers subject access requests under the Regulation (EU) 2016/679, General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) to the extent it implements provisions related to and permitted derogations from the GDPR into UK law. It does not consider other data protection law (such as the ‘applied GDPR’, law enforcement processing or intelligence services processing regimes under the DPA 2018—see Practice Note: The Data Protection Act 2018).

Where a subject access request has not been complied there are a number of courses of action available to the requesting party, in particular see, ‘Remedies and compensation available to data subjects’ in the Practice Note: Rights of data subjects.

Article 79 of Regulation (EU) 2016/679, the GDPR provides data subjects with the right to an effective judicial remedy against a controller or processor. In the UK, the GDPR is supplemented by the DPA 2018. DPA 2018, s 167 deals with compliance orders:

‘(1) This section applies if, on an application by a data subject, a court is satisfied that there has been an infringement of the data subject's rights under the data protection legislation in contravention of that legislation.

(2) A court may make an order for the purposes of securing compliance with the data protection legislation which requires the controller in respect of the processing, or

Popular documents