UK GDPR: The United Kingdom General Data Protection Regulation - primary legislation governing data protection in the UK post-Brexit, particularly Article 15 (Right of access) and Article 12 (Transparent information and communication)
DPA 2018: Data Protection Act 2018 - the UK's implementation of data protection laws, particularly Section 45 regarding right of access by data subjects and Schedule 2 exemptions
ICO Guidance: Information Commissioner's Office regulatory guidance on handling Data Subject Access Requests, including practical implementation and best practices
EDPB Guidelines: European Data Protection Board guidelines - while not binding post-Brexit, these remain influential for UK data protection practices
Time Limits: Legal requirement to respond to DSARs within one month, with possible extension under specific circumstances
Identification Requirements: Legal obligation to verify the identity of the person making the DSAR to ensure data security and prevent unauthorized access
Fee Regulations: Rules regarding DSAR processing fees - generally free of charge, except for manifestly unfounded or excessive requests
Verification Methods: Legitimate means of verifying the identity of the data subject making the request
Response Format: Requirements for the format in which personal data should be provided to the data subject
DPA Exemptions: Exemptions under Schedule 2 of Data Protection Act 2018 where certain data may be withheld from DSAR responses
Plain Language Requirement: Legal obligation to provide information in clear and plain language, in a concise, transparent, intelligible and easily accessible form
Submission Methods: Acceptable methods for submitting DSARs, including verbal, written, electronic, and third-party requests
