26 July 2018
A Subject Access Request (SAR) is a written request from an individual, in relation to their access to information, which they are entitled to ask for under the Data Protection Act.
There has been some debate on what must be included in an SAR:
Recently in relation to the inclusion or exemption of confidential references. As previously, under the Data Protection Act 1998, employees had the right to access their personal information, including references from current or former employers, although employers did have the right to refuse disclose of this information to the employee. In this instance, an employee could overrule the employer’s decision by applying to the recipient employer regarding their reference, whereby the employer could not decline disclosure.
There have now been some changes under GDPR and the Data protection Act 2018, although an employee still has the right to make an SAR, the loophole has now been removed and as it stands, references do not have to be disclosed to the requestor by either the potential employer or the referee. As stated in the Data Protection Act 2018, Schedule 2:
"The listed GDPR provisions do not apply to personal data consisting of a reference given (or to be given) in confidence for the purposes of—
(a)the education, training or employment (or prospective education, training or employment) of the data subject…"
However, this does not indicate that confidential references should be completely disregarded within SAR’s, as some companies may choose to disclose references in an anonymous format, therefore protecting the referee's confidential information.
To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070