The Office of the Data Protection Authority has published new guidance on ‘data subject access requests’
(DSARs) for anyone who works with information about identifiable people.
Individuals (aka: ‘data subjects’) are at the heart of data protection legislation. The Data Protection (Bailiwick of Guernsey) Law, 2017
contains legal rights and responsibilities and specifically aims to strengthen individuals’ rights.
One of the most commonly used rights is the right of access (also sometimes referred to as a ‘subject access request’ (SAR), or ‘data subject access request’ (‘DSAR’). This is where individuals ask what personal data a controller holds about them and why.
In plain English, a DSAR is when an individual asks you:
- what do you know
- what do you think
- what do you think you know
- what are you doing with it
all this information?
The newly published guidance provides a step-by-step process for controllers to follow, along with detailed guidance notes to help ensure that they respond to an individual’s DSAR in accordance with the law.
There is also guidance for individuals who may wish to make a DSAR
. This contains information specifically about DSARs, how to make one, what you should receive back, and what to do if you’re not happy with what you receive.