A Code of Practice on Subject Access Requests (SARs) has been published by the Information Commissioner’s Office, following a period of consultation and review.

The Code offers a ‘best practice’ guide to dealing with requests from individuals looking to access their personal data under section 7 of the Data Protection Act 1998. The practical advice includes details of time limits and fees, as well as an outline of data controllers’ responsibilities. The Code considers areas such as requests from third parties and requests for information about children, and it also provides clarity on exemptions and special cases.

Impact for Employers

The new Code of Practice is both clear and informative, and will be valuable for any organisation holding personal data.