Data Protection & Subject Access Requests (DSARs) - What You Need to Know

Introduction

The topic of subject access requests is highly controversial and is the cause of more than 40% of complaints to the ICO each year. Most recently, the ICO has issued a series of reprimands to controllers who have failed to comply with their obligations. Valued by data subjects as an easy way to access their personal data, dealing with such requests can often pose considerable challenges for controllers in terms of time, expense, and complexity.

This webinar summarises the key content of the ICO’s guidance note and the changes made by the Data (Use and Access) Act 2025. Guidance on steps to take to ensure compliance will also be provided.

What You Will Learn

This webinar will cover the following:

• Formalities
• Identifying a request
• How quickly must a request be dealt with?
• In what circumstances can a fee be charged?
• Can the controller request further clarification from the data subject?
• Extent of search
• How is ‘personal data’ defined?
• What does making a ‘reasonable search’ require in practice?
• Exemptions
• What exemptions can be relied upon by a controller?
• What is meant by ‘manifestly unfounded or excessive’?
• Third party rights
• To what extent should the rights of third parties be considered?
• When will the courts order disclosure of the identity of a third party?
• Provision of information
• What information needs to be provided to the data subject?
• Is the data subject entitled to receive documents, data, or both?
• Relevant case law
• Harrison v Cameron [2024] EWHC 1377 (KB)
• Ashley v HMRC [2025] EWHC 134 (KB)

This pre-recorded webinar will be available to view from Wednesday 4th February 2026

Alternatively, you can gain access to this webinar and 1,900+ others via the MBL Webinar Subscription. Please email webinarsubscription@mblseminars.com for more details.