Handling Data Subject Access Requests From Employees

Our team of experts in data protection law advise employers on handling Data Subject Access Requests (sometimes referred to as a SAR or DSAR), making sure they are transparent and compliant with the regulations.

Responding to a SAR from an employee

All employees have the right to make a subject access request to enable them to see what personal data employers process about them. It is relatively easily for the employee but for an organisation to respond it can take a significant amount of time and resources. Furthermore, should an individual be dissatisfied with how you have handled their request, then that individual can complain to the Information Commissioner’s Office (ICO.

The team at Kuits specialises in supporting employers to comply with data protection laws and provide comprehensive guidance on managing SARs from an employer’s perspective. This involves helping you comply with your data protection obligations, whilst also protecting your organisation. Our team has significant experience in dealing with the ICO and ensure that the client’s interests are protected.

We help clients concentrate their efforts by making sure that, when faced with a SAR, they only search for what’s reasonable and fair while also applying disclosure exemptions which means they are not revealing anything unnecessary or unlawfully sharing personal data about other individuals when complying with the SAR.

Tips for responding to a SAR

Recognise the Subject Access Request
Identify the individual making the request
Establish timeframes to respond
Agree the scope and search terms
Consider the extent of the search on your systems
Identify data to be disclosed
Consider third party personal data
Identify whether any exemptions apply
Securely disclose the personal data
Keep a record of decisions made

Implications and penalties for non-compliance with GDPR

If an employer fails to comply with a SAR, the ICO can take enforcement action against them for their failure to comply with data protection legislation. This can range from being required to take corrective action following what can be an invasive investigation, to the imposition of significant penalties. Organisations found in violation may face fines of up to £17.5 million or 4% of their global annual turnover, whichever is higher.

Our highly experienced team can assist clients in meeting their data protection obligations to safeguard their reputation and avoid these consequences.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	This cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	1 year	This cookie is used to record your preferences for cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional	1 year	The cookie records your preferences for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	1 year	This records your cookie preferences.
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	1 year	This cookie is used to store your consent for cookies in the category "Functional".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	1 year	This cookie stores whether or not you have consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
MoneyPennyAgentAvatar	session	This cookie stores the agent image URL in order to show the agent avatar on the minimize state of our live chat function. If you disable this cookie, our live chat functionality may not be available to you
MoneypennyHistory	1 year	This cookie is used to keep track of the your visits to our website and last live chats. It displays the previous five live chat transcripts to the agent in the live chat to allow faster understanding of your conversation context, and faster resolutions.
MoneypennyHistory	1 year	This cookie is used to keep track of the your previous visits to our website and last live chats on our website. The cookie allows the chat transcripts from your five previous live chats to be displayed to your live chat agent in the chat to allow faster understanding of your needs and faster resolutions.
MoneypennyRef	2 hours	This cookie records origin and site entry to display the referring URL to the live chat agent so they can gain insight into your journey to our website. It helps our live chat agents deliver a better experience by giving them context. If you choose to disable this cookie, live chat will still be available.
MoneypennyUserAlias	1 year	This cookie stores the visitor alias (name) on use of the setUserName() Javascript API. This cookie is used to support subsequent live chats so that, once it is known, the live chat agent doesn’t need to collect the information again. This alias also will get displayed on the chat-box (as the visitor’s name), prechat form (as the value of the ‘name’ field, if it exists), and offline form (as the value of the ‘name’ field, if it exists).
MoneypennyVisit	session	This cookie is used to keep track of the your visits to our website and tells your live chat agent how many times you have visited our website. It is also used for the ‘returning visitor’ proactive chat rule, enabling returning visitors to be greeted differently. Failure to accept this cookie may impact performance of our live chat function.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether you use the new or old player interface.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-37750570-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow us to track your behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, this cookie stores information on how you use our website and also creates an analytics report of the website's performance. Some of the data that is collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 3 months 1 day 13 hours 11 minutes	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
yt.innertube::nextId	Persistent	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	Persistent	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements to you when either on Facebook or on a digital platform powered by Facebook advertising, after visiting our website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to you by tracking your behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how you use our website to present you with relevant ads according to your user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if your browser supports cookies.
YSC	session	YSC cookie is set by Youtube and is used to track your views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Handling Data Subject Access Requests From Employees

Responding to a SAR from an employee

Tips for responding to a SAR

Implications and penalties for non-compliance with GDPR

Bringing an Employment Tribunal Claim

Defending an Employment Tribunal Claim

For Businesses

For Individuals

General Data Protection Regulation (GDPR)

Redundancy Procedures and Consultations

Retainer Services

Settlement Agreement Solicitors Manchester

Teaching Regulation Agency (TRA) Lawyers

Training Workshops

Kevin McKenna

Sally Bird

Claire Hollins

Mark McKeating

Claire Treacy

James Howarth

Lauren Ogden

Jake McManus

Tyler Ross

Sign up to our Newsletter