The ICO, Britain’s privacy authority, recently issued reprimands to seven organizations citing multiple failures of the organizations to respond to data subject access requests either within the statutory time frame or at all. Recognized as one of the fundamental rights under numerous data protection laws, data or subject access requests (“DSARs”) provide a mechanism by which a consumer can request that an organization explain what personal information it has about that consumer, and how such information is used and shared. This requirement exists under UK GDPR, mirroring the GDPR requirement.
Organizations generally have thirty to forty-five days to respond to a
Continue Reading UK Reprimands Companies For Failing to Keep Up with Access Requests