A young woman skillfully sandboards down a vast desert dune under a clear sky, showcasing adventure and thrill.

Data Subject Rights | Subject Access Request (DSAR)

Understanding the Right of Access: What Your Company Needs to Know

ByPrivacyiQ 27 June 2025

The UK GDPR gives individuals the right to access their personal data. Here’s what companies need to know about handling Subject Access Requests (SARs) effectively.

The UK GDPR gives individuals the right of access under Article 15. This allows people to ask what personal data your company holds about them and request a copy.

SARs often come from current or former employees, clients, or job applicants. You must:

Respond within 1 month (extendable by 2 for complexity)
Not charge a fee (unless the request is manifestly excessive)
Include relevant data from emails, HR systems, databases, etc.
Redact third-party data or obtain consent where necessary

Getting this wrong can result in ICO action or legal claims.

💡 Tip:

Build a SAR protocol now, including logging, templates, and review steps. You’ll thank yourself later.

Automated Decision Making | Data Subject Rights

4 of 5: When Can You Use Automated Decision-Making? Legal Bases and Safeguards Explained

ByPrivacyiQ 25 July 202524 July 2025

UK GDPR Article 22 restricts automated decisions — but there are exceptions. Learn when you can use automation lawfully and what safeguards you must have in place. Article 22 of the UK GDPR generally prohibits companies from making decisions based solely on automated processing that have a significant or legal effect on individuals. However, there…

Children | Data Subject Rights

Children’s Data Rights Under the UK GDPR

ByPrivacyiQ 4 July 20252 July 2025

Children have enhanced data protection rights under UK GDPR. Learn how companies working with under-18s should comply. The UK GDPR gives special protection to children’s personal data. If your company provides services to or collects data from individuals under 18, specific rules apply. Key principles include: These rights tie into the right to be informed,…

Data Subject Rights | Subject Access Request (DSAR)

Verifying Identity Before Fulfilling a GDPR Request

ByPrivacyiQ 8 July 20256 July 2025

You can ask for ID before fulfilling GDPR requests — but only when necessary. Here’s how to verify identity without breaching privacy. The UK GDPR allows companies to request ID if they have reasonable doubts about the identity of the requester. But be careful — asking for too much ID or failing to protect it…

Automated Decision Making | Data Subject Rights

Understanding Automated Decision-Making and Profiling

ByPrivacyiQ 5 July 20252 July 2025

Under Article 22 of the UK GDPR, individuals have rights related to automated decision-making and profiling. Learn how companies should respond. Article 22 of the UK GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects. This affects: Where…

Data Subject Rights | Right to Object

1 of 5: Understanding the Right to Object Under UK GDPR (Article 21)

ByPrivacyiQ 17 July 202517 July 2025

The UK GDPR grants individuals the right to object to certain types of data processing. Learn what Article 21 means for your company and how to stay compliant. Companies today rely on data to drive decision-making, marketing, and operational efficiency. But under the UK General Data Protection Regulation (UK GDPR), individuals have the right to…

Data Retention | Data Subject Rights | Right to be Forgotten | Right to Erasure

The Right to Erasure (Right to Be Forgotten)

ByPrivacyiQ 30 June 202527 June 2025

The GDPR gives individuals the right to be forgotten in certain cases. Understand what this means for your company. Article 17 of the UK GDPR gives individuals the right to request the erasure of personal data where: However, this isn’t absolute. You may retain data if you need it for legal claims, compliance, or public…

💡 Tip:

Similar Posts