ICAEW.com works better with JavaScript enabled.

New guidance: New guide helps organisations handle requests for information under data protection law

The Information Commissioner’s Office (‘ICO’) has published a new guide to help businesses and other organisations handle ‘subject access requests’ under data protection law.

Legal Alert

This update was published in Legal Alert - January 2016

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

The ICO is the independent body whose responsibilities include promoting data privacy for individuals in the UK. A subject access request is the document or other form of request which an individual must submit to an organisation in order to see any personal data the organisation holds on them. ‘Personal data’ is information that can be used to identify an individual, either on its own or with other information held. It is ‘data’ whether it is held electronically, in paper form or in any other form. The organisation must usually provide the personal data it holds within 40 days of the request.

The new guide, How to disclose information safely: Removing personal data from information requests and datasets, covers key areas for organisations, such as:

  • How to avoid inadvertently releasing personal data about third parties when responding to a request
  • How to deal with data held in spreadsheets or other documents that may be hidden (such as hidden data in pivot tables)

Operative date

  • Now


Disclaimer: This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

Copyright © Atom Content Marketing