The Information Commissioner’s Office (ICO) has published a subject access code of practice to help guide data controllers when dealing with subject access requests. This is where an employee requests access to personal data held by their employer.
The Code includes guidance on:
The ICO has stated that the code “will help organisations handle subject access requests more efficiently, while supporting the public in taking control of their personal information”.
You can access the Subject access code of practice and the Subject access request checklist here. The checklist helpfully sets out the ten steps organisations should take when dealing with a subject access request.