A model letter for your organisation to refuse, or ask for an administrative fee for, an individual's request for the deletion of data about them.
We discuss the main changes to the procedure for responding to a subject access request under the GDPR regime and the practicalities of providing access to what could potentially be a large amount of data.
Updated to take account of verbal subject access requests, which ICO guidance states are valid.
Updated to explain that we are retaining this guide on the site now that the GDPR is in force, as it remains useful for employers that are still working on their GDPR compliance plans.
Definition from the XpertHR glossary.
Updated to reflect ICO guidance on verbal subject access requests.
HR and legal information and guidance relating to data protection.
We provide a list of model policies and documents in which the sample wording has been updated to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.