The Information Commissioner’s Office has issued revised guidance on subject access requests (SARs) under the GDPR.

As outlined in the ICO’s blog post (ico.org.uk), some key changes or areas where the guidance (ico.org.uk) has been expanded relate to:

• stopping the clock to ask for clarification of an individual’s request if genuinely required;
• when is a request ‘manifestly excessive’, so that the controller can refuse to answer or can charge a reasonable fee;
• what can be included when charging a fee for excessive, unfounded or repeat requests.

More on subject access requests: GDPR: Worker’s right to request disclosure.