The Information Commissioner's Office ("ICO") has published updated guidance on how to deal with subject access requests from individuals. This is called the Subject Access Code of Practice (the "Code").
Under the Data Protection Act 1998, any individual has the right to make a request to any organisation which holds personal information about them. Any organisation which holds personal information can be on the receiving end of a subject access request and this includes an employee seeking information from an employer. The new guidance from the ICO is designed to help organisations with the efficient handling of such requests.
The Code provides a comprehensive and straightforward guide for organisations and provides an overview of subject access requests and how they should be dealt with from start to finish.
Of particular interest to organisations is the annex to the Code, which provides a 'Subject Access Request Checklist'. The ICO have called this '10 simple steps to understanding subject access requests' and the checklist identifies areas that organisations should consider when responding to a subject access request.
The Code is clearly a valuable tool for any organisation responding to a subject access request and it provides clear, step by step guidance. A copy of the Code can be found on the ICO's website.