- Contact The DPO Centre
- +44 (0)203 797 1289
- hello@dpocentre.com
Data Privacy Day – an interview with Rob Masson, CEO at The DPO Centre
January 28, 2022
Rob Masson on 105 Uckfield FM for Data Privacy Day 2022
January 31, 2022
On the 15th of December 2021, the Information Commissioner’s OfficeThe United Kingdom’s independent ‘supervisory authority’ for ensuring compliance with the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations etc. (ICOThe Information Commissioner's Office (ICO) is the United Kingdom’s independent supervisory authority for upholding information rights in the public interest, ensuring compliance with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).) released their consultation on the draft right of access for competent authorities guidance. The right of access, under Part 3 of the Data Protection Act 2018The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK (and supersedes the Data Protection Act 1998), and implemented the GDPR into UK legislation., is an important right that applies to any ‘competent authorities’. It is most commonly understood as the right to make a Data Subject Access RequestA verbal or written request made by a data subject to access their data (in a portable format if requested), be informed about how it is used, to have their data modified if it is incorrect, or to have it deleted. (DSAR) This right allows individuals to obtain a copy of their data, that is being held by law enforcement.
This consultation follows on from their initial one in 2020, which explained the broader right of access that all organisations must comply with, which succeeded in clarifying a number of questions that were often raised around how to respond to a DSAR.
This draft guidance explores the same right but how it applies in the context of law enforcement processing, which is an area that EU member states (as the UK was when the EU GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation). came into force) had far more control over in terms of derogating away from the EU regulation. The guidance covers the right of access in general; the involvement of joint controllers; how to respond appropriately to the requests; and the restrictions that could apply in practice that may result in a request being rejected.
Alongside this consultation, the ICO has drafted additional guidance on how authorities can deal with manifestly unfounded or excessive requests which, whilst only formally applying to competent authorities, could provide some much needed clarity on this topic for all organisations.
If you want to take part in the consultation you have until the 11th March 2022. You can find the consultation questions and the draft guidance here.