Latest News

Employer Responsible for Work-Related SuicideEmployer Responsible for Work-Related Suicide
EPCs for Commercial Property - Are You Ready?EPCs for Commercial Property - Are You Ready?
New Minimum Wage RatesNew Minimum Wage Rates
Car Fuel and VAT - Your Options Car Fuel and VAT - Your Options
Discrimination by Association - ECJ Rules Discrimination by Association - ECJ Rules
Court of Appeal Overturns Tenant Win in Consumer Law CaseCourt of Appeal Overturns Tenant Win in Consumer Law Case
Price Rigging - Construction Companies Under ScrutinyPrice Rigging - Construction Companies Under Scrutiny
Time Off for Dependants - How Long is Reasonable? Time Off for Dependants - How Long is Reasonable?
Certainty Needed in Stage PaymentsCertainty Needed in Stage Payments
New Powers for ICO for Data Breaches New Powers for ICO for Data Breaches

Dealing With Subject Access Requests

The Data Protection Act 1998 gives individuals the right to access information held about them by organisations. The Act governs how organisations can use the personal information they hold – including how they acquire, store, share or dispose of it.

The Information Commissioner’s Office has published guidance for small- and medium-sized firms on how to deal with requests (called ‘subject access requests’) from individuals for information held about them.

The advice distinguishes between requests that can be treated as part of normal business practice and those that should be dealt with formally under the Act.


If the request can be treated as a routine enquiry, rather than a formal subject access request, it often makes sense to do so. The guidance includes examples of the sort of requests for information that should be handled in this way. 

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.