Handling data subject requests—flowchart

Published by a UUÂãÁÄÖ±²¥ Risk & Compliance expert
Flowcharts

Handling data subject requests—flowchart

Published by a UUÂãÁÄÖ±²¥ Risk & Compliance expert

Flowcharts
imgtext

The UK General Data Protection Regulation (UK GDPR) provides a number of rights for data subjects, including providing a right of access to their personal data, rights to rectification, erasure, restriction of processing and data portability, a right to object to processing and a right not to be subject to a decision based solely on automated decision making, including profiling.

Data subjects can make a request to an organisation to exercise one or more of these rights at any time and there are strict time limits for complying with requests made. See Practice Note: How to handle data subject requests.

This Flowchart maps out a process for handling data subject requests received under the UK GDPR. It reflects requirements in the UK GDPR together with guidance issued by the Information Commissioner’s Office (ICO). It should be read in conjunction with Practice Note: How to handle data subject requests and the following detailed Flowcharts for handling requests under specific data subject rights:

  1. •

    Evaluating a data subject access request—flowchart

  2. •

    Evaluating a data rectification request—flowchart

  3. •

    Evaluating a data

Powered by Lexis+®
Jurisdiction(s):
United Kingdom

Popular documents