Must employers still comply with the 30 day response timeframe for subject access requests during the COVID-19 pandemic?Posted in : First Tuesday Q&A NI on 5 May 2020
The ICO has confirmed that it cannot relax the 30-day response period for subject access requests because it is a statutory timeframe (set out under sections 45 and 54 of the Data Protection Act 2018). However, the ICO has stated that it appreciates organisations’ attentions may be diverted elsewhere and therefore organisations will not be penalised for prioritising other areas of their business or adapting their usual approach.
Nevertheless, communication is key and if employers do not think they will be able to meet a subject access request deadline, it would be prudent for them to inform the requestor and explain the reason for the delay.
More on Data Protection & Freedom of Information
- Can an employer refuse a request from an unsuccessful job applicant to delete any of their data in its possession as it may be necessary for the defence of legal claims?
- If employees willingly provide personal email addresses at the start of their employment and their personal email addresses were used to contact them while they worked from home during the Coronavirus Lockdown, is this a breach of data protection?
- Can we ask staff to let us know if they have been vaccinated, and can we keep a record of this?
- Does the chief executive have the right to view sensitive personal data without an employee’s consent?
- Data Protection Implications of Selling From the UK into the EU after Brexit
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.