Published: 19 November 2021
“A person’s right of access which helps them understand how information about them is used is central to data protection laws both locally and globally. It is not a weapon, and should not be viewed as such. It is a legal right that every one of us has, regardless of the relationship we may have with the organisation we are submitting a ‘data subject access request’ (DSAR) to.
Organisations may refuse to respond to a DSAR if they can demonstrate that the request is genuinely ‘vexatious’ (which is very different than seeking to refuse it because it’s from a person the organisation is in a dispute with). Where an organisation has refused to respond to a request, the person could complain to the ODPA who can then look into whether the refusal was appropriate.
Regardless of the relationship between the parties, organisations who receive a DSAR should focus on the human being who is making the request, and appreciate that that person has a legal right to know what is being done with information about them. Processes in place to respond to individuals seeking to exercise their legal rights should be fair and impartial. Positive engagement, and seeking to repair any tricky relationships with the person concerned is a win-win situation.”
Related resources:
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by & Indulge
© 2024 The Office of the Data Protection Authority.