	Employing people
		Recruitment and getting started
		Paperwork Comply with data protection legislation Introduction The Information Commissioner The Data Protection Act The eight principles Notifying the Information Commissioner Exemptions from notifying the Information Commissioner Rights of access Monitoring employees Enforcement and penalties Bogus data protection agencies Here's how I complied with the Data Protection Act 1998
		Paying your staff
		Pension schemes
		Setting the rules
		Working time and time off
		Equal opportunities
		Health, safety and working environment
		Employee representatives and trade unions
		Organisational change
		Skills and training
		Motivation
		Dismissals, redundancies and other exits
		Disciplinary problems, disputes and grievances

Comply with data protection legislation

Rights of access

The Data Protection Act 1998 provides the right of access for the subjects of the personal information - data subjects - you process in your business.

Data subjects have the right to:

know whether you or someone else on your behalf are processing personal information about them
know what information is being processed, the reason it is being processed and those to whom it may be disclosed
receive a copy of the personal information about them
know about the sources of the information

The access process
To obtain access, an individual must send either a written or electronic request (known as a subject access request). As a data controller you can charge a fee of up to £10 to provide the information requested.

See an example of a subject access request at the Information Commissioner website.

You may ask for proof of identity from the data subject before responding to the request. Proof of identity could include an official document, such as a council tax bill or passport.

You can also ask for information to help you locate the data being sought. For example, if an individual has requested emails, then you could ask for information such as dates when the emails were sent or the senders or recipients of the emails.

A response to a subject access request must be made as quickly as possible, and in any event within 40 days of the data controller receiving it, or 40 days from the data controller receiving the fee and proof of identity of the data subject.

You must provide the information requested in permanent form such as in a computer print out, letter or form, unless the supply of such a copy is not possible or you can show that it will involve a "disproportionate effort".

Subjects covered in this guide

Print This Page

Source - Business Link; Crown Copyright.

Home Contact Us Terms and Conditions

Driving Recruitment Agency Industrial Staffing Services Technical Staffing Services Agency
Driving Job Vacancies Industrial & Warehousing Vacancies Technical & Engineering Job Vacancies