CLOSE SEARCH
Under the UK General Data Protection Regulation (UK GDPR), individuals have the right to request access to their personal data held by an organisation. This right applies to employees, clients, and any other individuals whose personal data is processed by the law firm.
Employers cannot charge a fee for complying with a SAR unless the request is manifestly unfounded or excessive. The response to a SAR must be in an easily accessible format, such as a digital copy.
SARs can be a valuable tool for employees in employment disputes, especially to find supporting evidence of different treatment in discrimination claims or unfavourable or unfair attitude to the employee where the employee is considering raising a formal grievance.
Employee personal records may include :-
Performance reviews and appraisal - can reveal any biases or inconsistencies in your evaluations.
Emails and correspondence - can provide evidence of discriminatory remarks, unfair treatment, or a hostile work environment.
Meeting notes and minutes - these can shed light on discussions about your performance, promotions, or disciplinary actions.
HR records
By reviewing your personal records, as an employee you can potentially gather evidence to support your claims, identify potential legal grounds for action, and strengthen your position in negotiations with your employer.
For employers, understanding how SARs work is crucial to managing potential legal risks and protecting interests.
Employers should respond to a SAR carefully at all times, but especially if a potential employment dispute exists. Key matters to take into account, and which legal advice may assist with include :-
Informal requests - SARs can be informal, ranging from specific requests like “can I see my last appraisal?” to broad ones like “what data do you hold on me?”
Clarify requests - it’s acceptable to ask for clarification on vague or broad SARs, especially when dealing with extensive employee records.
Reasonable judgment - employers have discretion to determine what data to disclose or withhold, considering factors like privacy and confidentiality.
Risk assessment - consider potential risks and liabilities associated with the SAR.
Comprehensive search - conduct a thorough search of all relevant systems and records.
Identify sensitive information - determine if any sensitive or confidential information needs to be redacted or withheld.
Protect sensitive information - redact any sensitive personal data that is not directly relevant to the SAR.
Anonymise third-party data - anonymise any personal data belonging to third parties to protect their privacy.
Accurate and complete information - provide accurate and complete information, but avoid disclosing unnecessary details.
Adhere to deadlines - respond to the SAR within the statutory timeframes.
Anticipate follow-up requests - be prepared for potential follow-up requests or clarifications.
· Have a clear SAR Policy - develop a clear policy outlining your procedures for handling SARs.
Maintain consistent approach - maintain a consistent approach to all SARs, regardless of the underlying circumstances.
Employers can only refuse a SAR in limited circumstances, such as when the request is manifestly unfounded or excessive. In most cases, employers are legally obligated to comply with SARs.
If an employer refuses to comply with a SAR, they could face significant consequences can include :-
· ICO enforcement action - the Information Commissioner's Office (ICO) can investigate and take enforcement action, including issuing very large fines.
· Employment Tribunal claims - employees who are denied their right to access personal data may bring claims before an employment tribunal, potentially leading to compensation awards.
· Reputational damage - refusing a SAR can damage the employer's reputation and erode trust with employees and clients.
· Legal costs - if the employer loses a legal challenge, they may be liable for the employee's legal costs.
Legal advice is strongly advisable to determine the best course of action when faced with a SAR, especially if there is a potential employment dispute.
Get in touch
If you would like to speak with a member of the team you can contact us on:
Partner - Commercial law and Data issues
Phil specialises in assisting SMEs and owner-managed businesses with their non-contentious commercial contracts and data protection needs. He qualified as a Solicitor in 2002 and has worked in Legal 500 ranked firms during his career.
His experti...
