Patrick Wheeler & Mette Marie Sutton explain how increased data subject access rights could wreak havoc
- A co-ordinated set of requests by a large number of individuals made at the same time could be time consuming, expensive & cause huge disruption.
Most businesses should be aware that EU data protection law is changing as a result of the General Data Protection Regulation (GDPR), which comes into force in the UK (and across the EU) on 25 May 2018.
GDPR builds on the previous Data Protection Regulation by giving individuals greater power to access and exercise control over their personal data: one example of this are the new rules regarding data subject access requests (DSARs). However, there is concern that the changes to DSARs could encourage individuals to use them as a weapon against businesses processing their personal data. So what exactly is the threat and how can a business manage the associated risks?
GDPR establishes sets of obligations and rights. The obligations include processing personal data lawfully, fairly and in a transparent manner and providing information about how the individual’s