Skip to content
BLOG

19 October 2021

A guide to navigating Data Subject Access Requests (DSARS) for employers

1 min

Data Subject Access Requests (DSARs) involving employees can be difficult for even experienced Data Protection Officers (DPOs), in-house lawyers, and HR professionals to deal with. This can be for various reasons such as:

  • The volume of data held on employees by the company;
  • the various exemptions that might apply; and
  • the likely complex background to the request.

Often DSARs come up in the context of a redundancy exercise, a grievance or disciplinary, or employment tribunal litigation. Therefore, the situation may already be fraught without having a DSAR to deal with on top of that.

For the uninitiated, employees (and other data subjects) have certain rights in relation to their own personal data under UK law. Under the United Kingdom General Data Protection Regulation (UK GDPR), one of these rights is to make a DSAR which entitles an employee to confirmation that their data is being processed by their employer, a copy of that data, and certain supplementary information about the data processing.

We have outlined below some of the key questions surrounding DSARs, to help employers understand their obligations when an employee submits a request.

How can we help you?

We are here to help. If you have any questions for us, please get in touch below.