The impact of the GDPR (General Data Protection Regulation) in Scotland is greater than most realise. Not only does it affect the way organisations process personal data, but also extends data subjects rights in terms of how their data is processed. One of the rights amended by the GDPR is the right of access.
What is a data subject access request (DSAR)?
Individuals have the right to send organisations a personal data request for:
- Confirmation that their data is being processed;
- Access to their personal data; and
- Other supplementary information (mostly the information provided in the organisation’s privacy notice).
Recital 63 of the GDPR states: “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.
The impact of DSARs on Scottish businesses
Processes for dealing with subject access requests should already be in place as individuals were able to make these types of requests under the Data Protection Act 1998. However, organisations now have only 30 days to respond and recent figures have revealed that only 35% of EU-based companies are succeeding in fulfilling DSARs within the legal timeframe.
In Scotland, this will impact most significantly on sectors such as banking and retail however other key organisations in Scotland will also be affected. Some of the major Scottish organisations which you can request your data from include: National Records of Scotland, Scottish Government, Police Scotland and NHS Scotland.
Help creating a DSAR procedure
To guarantee that you are equipped to deal with any requests your organisation receives you should ensure that you have an effective DSAR procedure in place.
You can purchase templates for this and many other GDPR-related documents in the EU GDPR Documentation Toolkit. Designed and developed by expert GDPR practitioners, it has been used by thousands of organisations worldwide. The toolkit includes:
- A complete set of easy-to-use and customisable documentation templates, which will save you time and money, and ensure GDPR compliance;
- Helpful dashboards and project tools to ensure complete GDPR coverage;
- Direction and guidance from expert GDPR practitioners; and
- Two licences for the GDPR Staff Awareness E-learning Course.
Alternatively, if you’d rather speak to one of our local GDPR experts to discuss your subject access concerns or anything else regarding how the GDPR impacts on your organisation, then don’t hesitate to get in touch.