40: Subject access requests: detailed guidance published

On 21 October 2020, after consultation, the ICO issued its detailed rights of access guidance. The key takeaways from this for trustees are set out below.

As data controllers, trustees must respond to data subject requests without delay and at the latest within one month of receipt of the subject access request. The guidance clarifies, amongst other things, that the ‘clock’ can be stopped to await clarification from the individual where a large amount of information about that individual is being processed and a specific clarification is genuinely required.

If a request is ‘manifestly unfounded or excessive’, trustees may be able to charge a fee for their administrative costs or refuse to respond under the GDPR. The ICO has shed more light on what is ‘manifestly excessive’: the question is whether the request is clearly or obviously unreasonable, and this should be based on whether the request is proportionate when balanced against the burden or costs involved in dealing with it. This involves taking into account all the circumstances of the request. The ICO points out that a request isn’t necessarily excessive just because the individual requests a large amount of information. The guidance also provides more detail on what can be taken into account when determining the admin fee that can be charged for one of these requests. Things which might be taken into account include assessing whether or not you are processing the information, the costs of locating, retrieving and extracting the information, and communicating the response to the individual.

Trustees who are faced with a data subject request from a member and who consider that the request may be excessive or unfounded should consider taking advice on whether any response they put together or fee they wish to charge is compliant with the ICO’s guidance.

Trustees may want to consider undertaking a review of their subject access request policy and protocol. There have been other important developments since the GDPR came into force in 2018 which are likely to mean a pension scheme’s data protection documentation requires a more general update; we can help with this.

We will be hosting a webinar on 25 March 2021 discussing subject access requests and more. Details will be published closer to the time.

© BDB Pitmans 2024. One Bartholomew Close, London EC1A 7BL - T +44 (0)345 222 9222
