Q&As

What should I do if I can’t access all the relevant data to respond to a data subject request because of coronavirus (COVID-19) social distancing measures?

read titleRead full title
Published on LexisPSL on 23/11/2020

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • What should I do if I can’t access all the relevant data to respond to a data subject request because of coronavirus (COVID-19) social distancing measures?
  • Legal requirements
  • ICO guidance
  • Practical tips

What should I do if I can’t access all the relevant data to respond to a data subject request because of coronavirus (COVID-19) social distancing measures?

The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects, including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a right not to be subject to a decision based solely on automated processing, including profiling, with strict time limits for complying.

Legal requirements

You must respond to a data subject request without undue delay and in any event within one month of receipt of the request, or within one month of receiving:

  1. any information you have requested to confirm the requester’s identity

  2. any fee you have charged

See Q&As:

  1. How long do I have to comply with a data subject request?

  2. How do I calculate the time limit for responding to a data subject request?

That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You must inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. See Precedent: Response to data subject request—all rights—charging a fee or extension of time to respond and Q&A: What makes a data subject access request ‘complex’?

The time limit for

Popular documents