UK ICO issues new Code of Practice on Subject Access Requests

The UK Information Commissioner’s Office (ICO) has issued a new Code of Practice on dealing with Subject Access Requests (Code). The Code, which was issued on 8 August, will be required reading for all businesses and other organisations that are data controllers under the UK Data Protection Act 1998 (DPA).

As data controllers are those who determine the manner and purpose of any processing of personal data, in practice, almost all businesses and other organisations in the UK will be affected.

All data controllers are advised to review the Code and ensure that their Subject Access Request policies and procedures reflect the guidance contained within it. As an added ‘incentive’, the ICO has announced that it will be conducting a Subject Access Request ‘sweep’ of websites later this year…

If you are registered and logged in to the site, click on the link below to read the rest of the Nabarro briefing. If not, please register or sign in with your details below.

Briefings from Nabarro

View more briefings from Nabarro

Analysis from The Lawyer

View more analysis from The Lawyer


Lacon House
84 Theobald's Road

Turnover (£m): 116.30
No. of Lawyers: 360