Data subject rights

The UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, Rights of data portability, and a right of data subjects, with strict time limits for complying.

Right of access

Data subject access requests (also called DSARs) are relatively common and are seen as the gateway right, enabling data subjects to exercise other rights such as the right to rectification or erasure. They can be particularly onerous for businesses.

Article 15 of the UK GDPR entitles data subjects to:

  1. confirmation of whether their personal data is being processed

  2. access to the personal data that is being processed

  3. receive additional information, broadly commensurate with the information required to be provided in your privacy notice

  4. a copy of the personal data in question

The UK GDPR sets out mandatory categories of information which must be supplied in connection with a data subject access request. See Practice Note: Rights of data subjects—Right of access (Article 15 of the UK GDPR).

In

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Powered by Lexis+®
Latest Risk & Compliance News
View Risk & Compliance by content type :

Popular documents