Handling data subject requests

This document reflects Assimilated Regulation (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), and is intended for private-sector commercial organisations in the UK.

Individuals have a number of rights in respect of their personal data under the UK GDPR:

  1. a right of access

  2. rights to rectification, erasure and restriction of processing

  3. a right of data portability

  4. a right to object to processing

  5. a right not to be subject to a decision based solely on automated processing, including profiling

A data subject can make a request to a data controller to exercise one or more of these rights at any time. They do not need to explain their reasons for making a request and there are strict time limits for complying. Responding to a data subject request can be onerous for a data controller and in most cases you cannot charge the data subject for complying with their request.

With this in mind, it is essential to put in place appropriate processes for handling the full range of data subject requests, to make the process as efficient
