How Subject Access Requests Work Under UK/EU GDPRQuiz

1.

Under GDPR Article 12(3), what is the standard time limit for responding to a subject access request?

2.

Which of the following is NOT listed in GDPR Article 15 as information that must be provided alongside the copy of data in a SAR response?

3.

An individual's SAR to a company includes emails in which a colleague is mentioned. How should the company handle this?

4.

Under which UK legislation is the legal professional privilege exemption from subject access requests found?

5.

What can an individual do if they believe an organisation has failed to respond properly to their SAR?

6.

Explain the 'manifestly unfounded or excessive' exception to the requirement to respond to a SAR free of charge. What does the ICO say about its threshold?

7.

Describe the role of the Information Commissioner's Office in enforcing the SAR right, including at least two specific enforcement powers it holds.

8.

How do the SAR provisions of UK GDPR and EU GDPR compare, and in what circumstances might the differences matter?