NEWS23 August 2019
All MRS websites use cookies to help us improve our services. Any data collected is anonymised. If you continue using this site without accepting cookies you may experience some performance issues. Read about our cookies here.
NEWS23 August 2019
UK – The Information Commissioner’s Office (ICO) has updated its guidance on timescales for responding to subject access requests.
Under the General Data Protection Regulation (GDPR), organisations must respond to a subject access request – a request made by an individual to access their personal data – within one month of receiving the request.
Following a ruling from the Court of Justice of the European Union (CJEU), the time limit has changed to reflect the day of receipt of a subject access request as ‘day one’, instead of the day after (the ICO’s previous guidance).
The change means that the time limit begins on the day a request is received, regardless of whether it is a working day or not. For example, a subject access request received on 3rd September should be responded to by 3rd October.
0 Comments