Q&As

If a client makes a subject access request, what information are we obliged to provide and what can we retain? Can we give the client a summary of the data held or do we need to provide a copy?

read titleRead full title
Published on LexisPSL on 10/11/2018

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • If a client makes a subject access request, what information are we obliged to provide and what can we retain? Can we give the client a summary of the data held or do we need to provide a copy?

If a client makes a subject access request, what information are we obliged to provide and what can we retain? Can we give the client a summary of the data held or do we need to provide a copy?

The right of access is set out in the Article 15 of the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR). A data subject has the right to:

  1. confirmation that you are processing their personal data, and (where that is the case)

  2. access to the data and other supplementary information, which largely corresponds to the information that you should provide in a privacy notice

You must provide a copy of the personal data rather than a summary of the data held, although the data subject’s right to obtain a copy must not adversely affect the rights and freedoms of others. This will include trade secrets or intellectual property. However, the result of considering the rights and freedoms of others should not be a refusal to provide all the information to the data subject. If responding to the request may involve providing information relating to an individual other than the data subject, you might need to consider

Related documents:

Popular documents