Outcomes - Selected Case Summaries
Categories
Access to One's Own Personal Data
Informal Resolution | 30 October 2020
Two individuals made a subject access request (a request for access to their own personal data), asking for copies of all a data controller’s instructions concerning them and their mortgage and loan facilities. Initially, the data controller, a financial institution, communicated that it would not comply with the request because its internal communications with supporting and processing partners were for internal consumption only and not to be shared externally with clients.
In the course of our investigation, the data controller became fully aware of its obligations under the DPL and complied with the subject access request within the appropriate timeframe, providing appropriately redacted versions of the requested documentation.