ISM’s blog discusses challenges associated with data subject access requests (DSARs) and the factors you will need to consider when responding to one.
The General Data Protection Regulation (GDPR) provides data subjects in the UK and EU with a right to access their personal data and, to exercise this right, can make a data subject access request (DSAR) of any controller that processes their data. However, while ‘I want to see my data’ might sound like a very simple request, the regulatory caveats around what data you must and must not provide and the timeframe in which you must provide it, mean they can be more complex than initially seems to be the case.
Read URM’s blog on our educational website, informationsecuritymanagement.com, in which we explain how you can recognise a DSAR, who is responsible for managing them, how to respond to one, and more.