Subject Access Requests - relevance and importance in employment disputes

What are Subject Access Requests (SARs)?

• Under the UK General Data Protection Regulation (UK GDPR), individuals have the right to request access to their personal data held by an organisation.

• This right applies to employees, clients, and any other individuals whose personal data is processed by the law firm.

• Employers cannot charge a fee for complying with a SAR unless the request is manifestly unfounded or excessive.

• The response to a SAR must be in an easily accessible format, such as a digital copy.

Importance in employment disputes

SARs can be a valuable tool for employees in employment disputes. They can help uncover evidence of discrimination, unfair dismissal, or breaches of contract because personal records may include :-

• Performance reviews and appraisal - can reveal any biases or inconsistencies in your evaluations.

• Emails and correspondence - can provide evidence of discriminatory remarks, unfair treatment, or a hostile work environment.

• Meeting notes and minutes - these can shed light on discussions about your performance, promotions, or disciplinary actions.

• HR records - may contain information about complaints, grievances, or disciplinary procedures.

By reviewing your personal records, as an employee you can gather evidence to support your claims, identify potential legal grounds for action, and strengthen your position in negotiations with your employer.

For employers, understanding how SARs work is crucial to managing potential legal risks and protecting interests.

Key points for employers who receive a Subject Access Request

Employers should respond to a SAR carefully at all times, but especially if a potential employment dispute exists.  Key matters to take into account, and which legal advice may assist with include :-

• Informal requests - SARs can be informal, ranging from specific requests like “can I see my last appraisal?” to broad ones like “what data do you hold on me?”

• Clarify requests - it’s acceptable to ask for clarification on vague or broad SARs, especially when dealing with extensive employee records.

• Reasonable judgment - employers have discretion to determine what data to disclose or withhold, considering factors like privacy and confidentiality.

• Risk assessment - consider potential risks and liabilities associated with the SAR.

• Comprehensive search - conduct a thorough search of all relevant systems and records.

• Identify sensitive information - determine if any sensitive or confidential information needs to be redacted or withheld.

• Protect sensitive information - redact any sensitive personal data that is not directly relevant to the SAR.

• Anonymise third-party data - anonymise any personal data belonging to third parties to protect their privacy.

• Accurate and complete information - provide accurate and complete information, but avoid disclosing unnecessary details.

• Adhere to deadlines - respond to the SAR within the statutory timeframes.

• Anticipate follow-up requests - be prepared for potential follow-up requests or clarifications.

• ·        Have a clear SAR Policy - develop a clear policy outlining your procedures for handling SARs.

• Maintain consistent approach - maintain a consistent approach to all SARs, regardless of the underlying circumstances.

Consequences for employers who do not comply

Employers can only refuse a SAR in limited circumstances, such as when the request is manifestly unfounded or excessive. In most cases, employers are legally obligated to comply with SARs.  

If an employer refuses to comply with a SAR, they could face significant consequences can include :-

·       ICO enforcement action - the Information Commissioner's Office (ICO) can investigate and take enforcement action, including issuing very large fines.

·       Employment Tribunal claims - employees who are denied their right to access personal data may bring claims before an employment tribunal, potentially leading to compensation awards.

·       Reputational damage - refusing a SAR can damage the employer's reputation and erode trust with employees and clients.

·       Legal costs - if the employer loses a legal challenge, they may be liable for the employee's legal costs.

Legal  advice is strongly advisable to determine the best course of action when faced with a SAR, especially if there is a potential employment dispute.