TRU GDPR Blog, Subject Access Requests

TRU GDPR Blog, Subject Access Requests

Continuing the series of articles concerning the GDPR this article will look at the issue of subject access requests.

Subject access requests – requests for their data by data owners –  are nothing new, indeed they are a cornerstone of the Data Protection Act 1998. The GDPR takes the current legislation and effectively simplifies it from the data owner’s (data subject’s) viewpoint. Conversely the onus on data controllers and data processors has increased. Organisations dealing with data subject’s data should review their processes for dealing with access requests to ensure they are able to satisfy the requests within the strictures of the GDPR. Further, as detailed below the cost of dealing with subject access requests has to be borne by the organisation in the majority of cases. This is a cost of complying with the GDPR that could prove significant for organisations who receive large numbers of access requests.

The time limit to respond to a subject access request is reduced under the GDPR from the current 40 days to 30 days. Another significant change brought about by the GDPR is with regard to being able to charge an administration fee for responding to a subject access request. With one exception the requested information must be provided free of charge. Data controllers or data processors may however refuse or charge for requests that are ‘manifestly unfounded or excessive.’

Should a subject access request be refused, the data controller or data processor has a duty to tell the individual the reasons for refusal and also inform them of their right both to complain to the Information Commissioner’s Office (ICO), the supervisory authority for the UK, and to seek a judicial remedy. The individual must be notified without undue delay and within one month of the date of the request.

Organisations that receive a large number of access requests will face a logistical challenge in dealing with requests inside the revised time frame. The GDPR does however permit organisations to implement systems that allow data subjects to access their personal information online, which may assist here.



Related Products

TRU Cloud

The right place in the cloud to run your Transportation Optimisation.

TMS made easy: the transportation management system combining cloud, mobile and social technologies for complete TMS capabilities.

TRU Cloud Brings Same-Day, Rapid-Deployment Transportation and Logistics Management.

View Product

TRU Connect

Integration is the key to clean seamless data movement between business systems.

In the past Transportation Platforms have often been implemented via a cumbersome combination of text file and manual operational processes, or complex inflexible API’s that can be expensive to build and maintain.

View Product

TRU Platform

Our innovative transport management system "TRU Platform" is designed to help companies plan, manage transport operations that drive business growth and service.

Optimise delivery schedules and track orders through to final delivery and Invoicing. TRU Platform also is a business analytics tool that transforms transportation data into meaningful views of order/fleet performance.

View Product

More from News