An introduction to subject access rights - .PDF file.
The right for individuals to gain access to personal information that organisations hold about them is a core requirement of most data protection laws. By exercising this right, individuals are able to check if data held about them is correct and whether it is being handled in accordance with the wider data protection rules. This then opens the door for people to exercise further rights, such as getting inaccurate data about them corrected or erased.
Subject access rights in Europe are defined by the EC Data Protection Directive (95/46/EC) and are ratified into the laws of the different EU member countries. While the basic access right is broadly consistent, the detail around the formalities of responding can vary from country to country. In the UK, the Data Protection Act 1998 (DPA) gives effect to the directive and this overview considers the approach to subject access requests from a UK law perspective.
Individuals (usually referred to as ‘data subjects’) have a right to be informed by an organisation whether or not it is processing personal data that relates to them and, if so, to be told: what data it is processing; what it is using the data for; who it is disclosing the data to; and the extent to which it is using the data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose…
If you are registered and logged in to the site, click on the link below to read the rest of the Taylor Wessing briefing. If not, please register or sign in with your details below.