Coronavirus: Employer’s resource centre — live guidance available here


ICO issues updated Subject Access Request guidance

BY Anita Mulholland
Employment Law & HR
BG Purple

Data Subject Access Requests can strike fear into the heart of any HR professional. We reported in April that the Court of Appeal had issued two significant judgments on the extent to which a company can refuse to comply with a request. In light of these developments and in advance of the coming into force of the General Data Protection Regulation in 2018, the Information Commissioner’s Office has updated its guidance on SARs. 


The code now contains further guidance on the use of the “disproportionate effort” exception, stating that the exception "cannot be used to justify a blanket refusal" of a SARs, as "it requires you to do whatever is proportionate in the circumstances". The guidance also deals with the issue of the data subject’s motivation for making the request, indicating that this is one of the factors a court may wish to take into account when deciding whether to order compliance with the request. 


It is likely that we will see further changes to guidance around SARs to coincide with the introduction of the GDPR in May 2018. The ICO has undertaken a significant marketing campaign to encourage employers to prepare for the changes. To help you get prepared, LAW will be running Spotlight courses on the changing data protection landscape in September (12th September in Glasgow and 21st September in Edinburgh). Further details and booking information can be found on our website at

About us

As trusted experts in employment law, HR and health & safety, we offer a range of flexible employee relations services under one roof. By delivering top quality, all-inclusive fixed-fee advice, we enable employers to take quick, confident and decisive action.

Read more

Areas of Expertise

Employment Law

Find out more

HR Consultancy

Find out more 

Health & Safety

Find out more