Arrange a Consultation

Key elements of a data subject access request?

Apr 25 - Brian Siney

Featured in JEP’s Expert Panel – 25th April 2018


When a Data Controller (DC) receives a data subject access request (DSAR), the DC has 4 weeks to respond but can extend by further 8 weeks in certain circumstances (data subject must be informed of extension and reasons within the 4 week period); if DSAR is received electronically, response must be made electronically; no fee can be charged for routine requests; where requests are manifestly vexatious, unfounded or excessive, DC can either refuse to act or charge a reasonable fee; if DC refuses to act on a DSAR they must inform the data subject of their right to make a complaint and to seek judicial remedy; additional information can be requested to verify identification of data subject.

The key pieces of information to be provided are; DC contact details, relevant personal data, purpose and legal basis for processing, categories of recipients, explanation of legitimate interest basis if applied, where data is transferred to a third country or international organisation, what adequate level of protection of their rights and freedoms are in place, how long their data will be stored. See A12 of the new law for more details.

Ensure Your Business is GDPR Compliant Today!

Contact me today and arrange a consultation…

Be Secure is a Jersey-based data consultancy business specialising in GDPR data protection, data privacy and cyber security. Leveraging extensive experience of founder Brian Siney, Be Secure offers a unique business focus and perspective for managing GDPR.

Send me a message

Call me on 07797 738743

More from the blog

Back to Blog home