Data subject rights

Copyright © 2024 LexisNexis

The UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to processing and rights relating to automated decision making, including profiling, with strict time limits for complying.

Right of access

Data subject access requests (also called DSARs) are relatively common and are seen as the gateway right, enabling data subjects to exercise other rights such as the right to rectification or erasure. They can be particularly onerous for businesses.

Article 15 of the UK GDPR entitles data subjects to:

  1. confirmation of whether their personal data is being processed

  2. access to the personal data that is being processed

  3. receive additional information, broadly commensurate with the information required to be provided in your privacy notice

  4. a copy of the personal data in question

The UK GDPR sets out mandatory categories of information which must be supplied in connection with a data subject access request. See Practice Note: Data subject rights—access—Information requirements.

In

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

New Risk & Compliance forecast as at 20 November 2024

Our new Risk & Compliance forecast (as at 20 November 2024) is now live. This month we report on items including: (1) publication of the long-awaited government guidance on the failure to prevent fraud offence; (2) consultation by the Financial Action Task Force (FATF) on proposed changes to FATF Standards and updates to grey listing criteria by FATF to increase focus on risk; (3) updates on the Data (Use and Access) Bill and Employment Rights Bill, and (4) three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection.

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Risk & Compliance weekly highlights—21 November 2024

This week's edition of Risk & Compliance weekly highlights includes: the latest financial sanctions updates, an updated list of businesses not compliant with money laundering regulations from HM Revenue & Customs (HMRC), initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB) and final versions of a suite of new guidance to support in-house solicitors from the SRA.

FCDO implements new sanctions against international kleptocrats

The Foreign, Commonwealth & Development Office (FCDO) has announced a significant expansion of the UK's anti-corruption efforts through the imposition of sanctions on three high-profile kleptocrats and their associates. These measures, implemented under the Global Anti-Corruption Sanctions Regulations 2021 (SI 2021/488), include asset freezes and travel bans targeting individuals accused of embezzling substantial sums from Ukraine, Angola, and Latvia. The sanctions mark the commencement of a new campaign by the Foreign Secretary to combat corruption and illicit finance, with cross-governmental cooperation to protect UK interests and support global economic integrity. The initiative is bolstered by ongoing collaboration with the National Crime Agency's International Anti-Corruption Coordination Centre (IACCC) and International Corruption Unit (ICU), demonstrating a comprehensive approach to tackling financial crime and sanctions evasion.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Public statement on data breach

Public statement on data breachStatement by [insert name of organisation] concerning a significant [cyber-attack OR data protection breach] on [insert date].On [date], we were made aware of an incident threatening the security of personal data for which we are responsible. [We OR [insert name of

Training materials—GDPR and data protection compliance—for staff

Training materials—GDPR and data protection compliance—for staffThis Precedent presentation has been designed as an aid to train your staff on the general principles of data protection and how to manage this in the workplace. This Precedent is of general application, but incorporates the

How do I calculate the time limit for responding to a data subject request?

How do I calculate the time limit for responding to a data subject request?The General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data

Data subject access request form

Data subject access request formPlease complete this form if you wish to request access to your personal data. You do not have to use this form, but it will help us to deal with your request as quickly and effectively as possible if you do.You can also use this form if you are requesting access to
Public statement on data breach

Public statement on data breach

Public statement on data breachStatement by [insert name of organisation] concerning a significant [cyber-attack OR data protection breach] on [insert date].On [date], we were made aware of an incident threatening the security of personal data for which we are responsible. [We OR [insert name of

Training materials—GDPR and data protection compliance—for staff

Training materials—GDPR and data protection compliance—for staff

Training materials—GDPR and data protection compliance—for staffThis Precedent presentation has been designed as an aid to train your staff on the general principles of data protection and how to manage this in the workplace. This Precedent is of general application, but incorporates the

How do I calculate the time limit for responding to a data subject request?

How do I calculate the time limit for responding to a data subject request?

How do I calculate the time limit for responding to a data subject request?The General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data

Data subject access request form

Data subject access request form

Data subject access request formPlease complete this form if you wish to request access to your personal data. You do not have to use this form, but it will help us to deal with your request as quickly and effectively as possible if you do.You can also use this form if you are requesting access to