Right of access – Research findings…
The General Data Protection Regulation came into force May 25th, 2018 and arguably one of the most challenging elements of this regulation is that of a data subject’s “right of access”.
The “right of access”, commonly referred to as “subject access”, gives individuals the right to obtain a copy of their personal data from you, as well as other supplementary information via a Subject Access Request (SAR). It is a fundamental right for individuals. It helps them understand how and why you are using their data and enables them to check that you are doing it lawfully.
To date, the Information Commissioner’s Office (ICO) does not appear to have sought to enforce this aspect of the regulation too strongly. However, with the latest draft guidance on the “right of access” being published for consultation, it is perhaps an indication that as we commence this new decade it is a topic that will begin to attract a higher degree of scrutiny, not only by the ICO but the public at large.
Infoboss has conducted cross-sector research to help inform the debate. Drawing on our research findings this report provides context to the problems of servicing the “right of access” along with practical advice to help an organisation to better prepare to meet its regulatory responsibilities.
It is perhaps not a surprise to learn that the most challenging aspect of servicing a SAR is finding and collating information, but you might be surprised to discover that the average length of time to service a SAR is a staggering 12.9 days!
There is an undoubted opportunity we believe to innovate this process and improve outcomes for both customers and the organisation alike.