Navigating Through A Subject Access Request In Chambers

Since the introduction of GDPR back in 2018, there has been a steady increase in the number of Subject Access Requests within the legal profession, resulting in extra workload for many Chambers and their practice managers.

In a legal context, a client may make a SAR to gather evidence for a case or to assess the strength of their legal position. The information obtained through a SAR can also help a client ensure that their personal data is accurate, complete, and up-to-date, and that it’s being used appropriately and in compliance with relevant data protection laws.

However, dealing with a SAR can be quite burdensome on resources as organisations must provide copies of all data that is held on the individual. Often, that will mean:

  • providing copies of all documents, emails and any other types of communication that are held on the individual.
  • redacting any information that refers to other individuals.

What type of personal data should be provided?

Anything which constitutes personally identifiable information, including:

  • Name
  • Address
  • National Insurance Number
  • Passport Number
  • Mobile Number
  • IP Address
  • Email Address
  • Genetic Data
  • Health Data
  • Ethnic Origin
  • Political Opinions
  • Religious Beliefs
  • Sexual Orientation

What types of comms do you have to review?

  • Emails
  • Meeting minutes
  • Text messages
  • Diary entries
  • Records from computer systems
  • Personnel file
  • Photographs
  • Transcribed Recorded Calls

It’s also important that no information relating to the individual who made the request is deleted pending compliance with the SAR, as it’s a criminal offence to modify or remove this data.

While every individual has the right to access their own personal data, it is recognised that gathering this information can consume an extraordinary amount of time. It’s important to note that failure to respond, or an unjustified delay, can result in regulatory enforcement action being taken by the Information Commissioner’s Office. Only recently, the ICO updated its guidance on responding to a SAR, as there were over 15,000 complaints relating to a SAR between 2022 and 2023.

Fully Briefed

Here at Briefed, we provide a comprehensive GDPR framework that includes Advisory Services with our in-house barristers. This can become particularly valuable when you require guidance on processing Subject Access Requests (SARs) and need a quick phone call to clarify what data is relevant to the individual SAR.

Our advisory services were instrumental in providing support to College Chambers with a recent SAR they received. You can read about it here.
