Navigating Through A Subject Access Request In Chambers

Navigating Through A Subject Access Request In Chambers

Since the introduction of GDPR back in 2018, there has been a steady increase in the number of Subject Access Requests within the legal profession, resulting in extra workload for many Chambers and their practice managers.

In a legal context, a client may make a SAR to gather evidence for a case or to assess the strength of their legal position. The information obtained through a SAR can also help a client ensure that their personal data is accurate, complete, and up-to-date, and that it’s being used appropriately and in compliance with relevant data protection laws.

However, dealing with a SAR can be quite burdensome on resources as organisations must provide copies of all data that is held on the individual. Often, that will mean:

  • providing copies of all documents, emails and any other types of communication that is held on the individual.
  • redacting any information made in references to other individuals.

Anything which constitutes personally identifiable information, including:

What type of personal data should be provided?

  • Name
  • Address
  • National Insurance Number,
  • Passport Number
  • Mobile Number
  • IP Address
  • Email Address
  • Genetic Data,
  • Health Data
  • Ethnic Origin
  • Political Opinions
  • Religious Beliefs
  • Sexual Orientation

What types of comms you have to review?

  • Emails
  • Meeting minutes
  • Text messages
  • Diary entries
  • Records from computer systems
  • Personnel file
  • Photographs
  • Transcribed Recorded Calls

It’s also important that no information relating to the individual who made the request is deleted pending compliance with the SAR, as it’s a criminal offence to modify or remove this data.

While every individual has the right to access their own personal data, it Is recognised that it can consume an extraordinary amount of time to gather up this information and it’s important to note that failure to respond, or an unjustified delay can result in regulatory enforcement action being taken by the Information Commissioner’s Office. Only recently, the ICO updated their guidance on responding to a SAR as there was over 15,000 complaints relating to a SAR between 2022 and 2023.

Fully Briefed

Here at Briefed, we provide a comprehensive GDPR framework that includes Advisory Services with our in-house barristers. This can become particularly valuable when you require guidance on processing Subject Access Requests (SARs) and need a quick phone call to clarify what data is relevant to the individual SAR.

Our advisory services were instrumental in providing support to College Chambers with a recent SAR they received, you can read about it here.

You might also like

Beware: New Phishing Scam On The Rise
read more
Beware: New Phishing Scam On The Rise More

Phishing scams, a long-standing issue that many people are familiar with, have become even more dangerous and prevalent in today’s technology-driven world...

Pexels august de richelieu 4427819
read more
The Art of Strategic Networking in Legal Marketing More

Networking is essential in the legal industry, and it is an art that requires skill, patience, and dedication. Effective networking can help...

3 Big Challenges UK Companies Face Concerning the GDPR Blog
read more
3 Big Challenges UK Companies Face Concerning the GDPR More

Companies must adhere to stringent data protection regulations to protect their staff and customers while avoiding fines...