At Stephens Scown, we have seen an increase in the number of laid-off employees who request access to their personal data stored by their employer, often to verify the termination process. It is important that employers comply with data protection legislation, especially when responding to subjects` access requests – an erroneous response to the RAD could mean committing a crime. “Check if the application has been made correctly for the applicant and if the £10 fee has been received, as the deadline is not short. This can be a useful way to buy extra time. As if 40 days weren`t enough — a little advice to be even more sneaky. However, it can sometimes be counterproductive to request access to a topic. If your transaction interviews are already progressing well, this can upset your employer and complicate the process. Large employers are also used to dealing with such demands. This means that the fact that you have submitted an access request will probably not fascinate you, even if it still allows you to get useful information. We are now one year after the introduction of the General Data Protection Regulation (“GDPR”) and one of the consequences for our customers has been a significant increase in the number of requests for employee access to data subjects (“DSARs”). The creation of a DSAR allows current and former employees to obtain all their “personal data” held by their employer.
Since personal data is information about an identifiable individual, employers retain significant amounts of personal data about their employees. Our previous articles have focused on what constitutes personal data (Data Subject Access Request Series Personal Data) and how this data can be properly blackened out before disclosure (data subject access requests: blackening of data in the context of employment). But what about a situation where an employer does not want to disclose the personal data it has identified as a result of a worker`s request for access to a data subject? For example, what if the personal data contains confidential or business-sensitive information. Is there a mechanism for an employer to refuse disclosure? The answer is yes, but only in very limited situations. There are certain circumstances in which the data subject has already consulted a document and/or e-mail containing the personal data of others, i.e. when they have been copied into an e-mail or have previously received a copy of a document in the course of their employment. However, personal data of third parties should be treated with caution when creating and compiling a data set in response to a SAR and may not be transmitted to the data subject doing the SAR, unless it can be proved that they have already had access to that e-mail(s), that is, it is indicated: that they were in copy / a recipient. An employer has less time to respond to a SAR.
Personal data must be provided without delay and at the latest within one month of receipt of the SAR. However, if necessary, an employer may, given the complexity and number of applications, extend the compliance period by an additional two months. In such cases, the employer must inform the worker, within one month of receipt of the RAD, of the extension and the reasons for the delay. This practice note examines the practical problems that generally arise in the context of a working agreement (formerly known as a compromise agreement). It also describes tax issues that are likely relevant and links to our associated practice notes for more details. We offer you a selection of examples/templates to access topics from real case studies that you can use as a starting point and then edit the content to apply it to your specific situation….