Subject access requests
Subject access requests (SARs) are a fundamental right under data protection law, allowing individuals to request access to the personal data that your organisation holds about them. For employers, this means employees, former employees, and even job applicants can make SARs. Handling these requests correctly and efficiently is crucial to maintaining compliance and avoiding potential legal action. Our employment law team can provide expert guidance and support to help you navigate the complexities of SARs.
Key Obligations for Employers Regarding SARs:
- Respond promptly: You have one month to respond to a SAR. This timeframe can only be extended in complex cases, and you must inform the data subject of the extension within the initial month.
- Provide the information free of charge: In most cases, you cannot charge a fee for complying with a SAR.
- Ensure data accuracy: You must ensure that the data you provide is accurate and up to date.
- Protect third-party data: You must carefully consider the rights of other individuals when responding to a SAR. If the request includes personal data relating to third parties, you may need to redact or withhold that information to protect their privacy.
- Comply with exemptions: There are some limited exemptions to the right of access, such as where disclosure would prejudice the prevention or detection of crime, or where the data is subject to legal professional privilege. However, these exemptions should be applied carefully and only where strictly necessary.
How we can help you manage SARs:
Our expert employment law team can assist you with all aspects of managing SARs, including:
- Developing SAR policies and procedures: We can help you create clear and efficient processes for handling SARs, ensuring compliance with data protection law.
- Identifying and collating relevant data: We can assist you in locating and gathering all relevant personal data in response to a SAR.
- Redacting third-party data: We can advise you on redacting or withholding third-party data to protect their privacy.
- Applying exemptions: We can advise you on when it is appropriate to apply exemptions to the right of access.
- Responding to complex or challenging SARs: We can provide expert guidance on handling complex or unusual SARs, such as those involving large volumes of data or sensitive personal information.
- Training your staff: We can provide training to your staff on how to recognise and handle SARs effectively.
Employees may choose to submit a written subject access request for any information their employer holds on them, and you must respond to this request within one month.
Our Employment team has extensive experience in advising employers on all aspects of data protection law, including SARs. We understand the challenges businesses face in managing these requests and can provide practical, cost-effective solutions to ensure compliance and help minimise disruption.
Data protection
In today's digital age, handling employee data responsibly is paramount. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 place strict obligations on employers regarding the collection, storage, and use of personal data. Our Employment team, in conjunction with our colleagues in our Commercial team, can help you navigate these complex regulations, ensuring your business remains compliant and avoids potential penalties.
Key principles of data protection for employers:
The UK GDPR sets out key principles that employers must adhere to when processing personal data:
- Lawfulness, fairness, and transparency: Processing must have a lawful basis (e.g., consent, contract, legal obligation), be fair to the data subject, and be transparent about how the data is used.
- Purpose limitation: Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data minimisation: Only collect the data that is necessary for the specified purpose.
- Accuracy: Ensure that personal data is accurate and kept up to date.
- Storage limitation: Keep data for no longer than is necessary for the purpose for which it was collected.
- Security: Protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
- Accountability: You are responsible for demonstrating compliance with the UK GDPR.
How we can help you achieve data protection compliance:
Our expert teams can assist you with:
- Data protection audits and gap analysis: We can assess your current data protection practices and identify areas for improvement.
- Developing data protection policies and procedures: We can help you create comprehensive policies and procedures that comply with the UK GDPR.
- Drafting privacy notices: We can draft clear and concise privacy notices for your employees.
- Managing subject access requests: We can advise you on how to respond to SARs and other data subject rights requests.
- Data breach management and response: We can help you manage data breaches and ensure you meet your notification obligations.
- Training your staff: We can provide tailored data protection training to your staff.
Why choose us?
Our team has in-depth knowledge of UK data protection law and extensive experience in advising employers on all aspects of data protection compliance. We provide practical, commercial advice to help you navigate these complex regulations and protect your business.