Faultless information on dealing with data

A Practical Guide to Managing GDPR Data Subject Access Requests, Second Edition

 

Patrick O’Kane

 

£29.99, Law Brief Publishing

 

★★★★★

The joys of the data subject access request (DSAR) have been with us since it was introduced in section 7 of the Data Protection Act 1998, as subsequently ‘remastered’ courtesy of Article 15 of the GDPR in 2018. However, one thing has remained consistent throughout the history of the DSAR. Despite involving a potentially enormous amount of work (especially in this increasingly digital age), and more often than not being made in bad faith by disgruntled employees, or those looking to obtain unilateral early disclosure of documents to be used in often vexatious potential litigation, these requests have always had to be completed within a very short period. Any failures to comply in full with the technicalities will, aside from risking potential regulatory issues and reputational damage, almost certainly be seized upon by the data subject (or their representatives) to create even more work for the data controller.

The author of this book works as in-house counsel for a large multinational organisation, and the book’s truly practical content is no doubt a testament to his many years of dealing with such requests himself.

Data access

At just 130 pages, this certainly is not a heavy textbook. It knows that those reading it will want to cut to the chase. Having dealt with the basics of DSARs in chapter 1, the subsequent main chapters set out which categories of data can be requested; the formalities of requests; how to carry out a search; what to do about third-party data; how to train staff to deal with requests; and what exemptions may be applicable. There is also a dedicated chapter dealing with employee access requests (complete with a staggering real-life case that will turn your hair grey when you see the number of documents that had to be reviewed and the cost of doing so); together with an informative FAQ, and extremely useful response templates and precedent policies. Most of the intra-chapter headings are in the form of questions relating to the main chapter themes, which certainly assists with intuitive navigation of the content.

I cannot fault this book. It does what it says it will do, and at £29.99 you are unlikely to have to spend too long calling in a favour from your managing partner to get the expense approved. If you’re still unsure, then the publisher’s website (at date of writing) provides a free online chapter, so that you can judge just how useful it may be for you.

Nietzsche once stated that he sought to say in 10 sentences what others say in a whole book. However, he never had to deal with a DSAR. This author clearly has, and given the potential complexities of the subject, has made a virtue of its relative brevity. I’ll be keeping a copy in my library.

 

Sean Gordon is a former COLP and DPO