Respond to a subject access request from an employee under the GDPR
Key points
Employees (and other data subjects) have the right to request copies of the personal data that an employer holds about them.
The employer must respond to a subject access request within the timescale set out under the General Data Protection Regulation (GDPR), providing information about how it processes the employee's personal data, including for how long it will hold the data (or how the retention period is calculated).
Where the employee makes the request electronically, the employer should provide the information in an electronic format.
The materials and information included in the XpertHR service are provided for reference purposes only. They are not intended either as a substitute for professional advice or judgment or to provide legal or other advice with respect to particular circumstances. Use of the service is subject to our terms and conditions.