Subject Access requests – what they mean and what to do about them

Friday June 14, 2019

Written by Simon Morgan, The HR Dept South East London and North Kent.

Have you ever found yourself stewing about what your boss or co-workers have to say about you behind your back?

Many people do, and guess what, new data protection laws make it easy to find out just what they do say behind closed doors…

All an employee has to do is simply file what is referred to as a “subject access request” – a letter, email, or even a request via social media or verbally for a copy of their personal data. Personal data means any information relating to an identified or identifiable natural person (‘data subject’).

To comply as an employer, you only have a month to respond!

Just imagine having to go through every single email and document about an individual employee…#terrifyinglytedioustask

The personal data you could be required to collate when an employee files a subject access request includes:

• Performance reviews
• Job interviews
• Payroll records
Disciplinary records
• Absence records
• Texts, What’s App messages, Tweets etc referring to the employee

You have one month to piece an employee’s personal data jigsaw together, someone who may have been in your business for 10 years say…scary thought!
Even more worryingly, it could cost you significant time and effort to collate all the data as it’s extremely resource intensive. Meanwhile, your business is inevitably going to suffer whilst you’re collating the information, particularly if you’re a small business.
So what can you do about it?

1 Clarify what personal data the employee is seeking. For example, ask them to specify e mails between certain dates or between certain individuals.

2 If the request is ‘manifestly unfounded or excessive’ you can charge a reasonable fee for the administration involved or extend the response time by a further 2 months.

3 Make it clear to your employees from the start what the purpose and use of personal data is. You should now be issuing employee privacy notices with contracts of employment explaining the purpose and methods of storing personal data.

If asked for a subject access request, don’t let your employee records be in a mess!

For more information please contact Simon Morgan of The HR Dept at simon.morgan@hrdept.co.uk or phone 0345 634 9154.

Preventing People Problems

Subscribe to our monthly newsletter

Office Address: CENTRAL OFFICE, The HR Dept. Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL | VAT Number: GB821928327 | Registration Number: 04479417

Copyright © 2007 - 2024 The HR Dept Ltd. HR DEPT is a registered trademark belonging to The HR Dept Limited.