Outcomes - Selected Case Summaries



Access to One's Own Personal Data

Informal Resolution | 30 October 2020

Two individuals made a subject access request (a request for access to their own personal data), asking for copies of all a data controller’s instructions concerning them and their mortgage and loan facilities. Initially, the data controller, a financial institution, communicated that it would not comply with the request because its internal communications with supporting and processing partners were for internal consumption only and not to be shared externally with clients.

In the course of our investigation, the data controller became fully aware of its obligations under the DPL and complied with the subject access request within the appropriate timeframe, providing appropriately redacted versions of the requested documentation.