As accountants who run payroll for many clients, we could be receiving a lot of Data Subject Access Requests (DSARs) from current or ex-employees. What does this mean for us as data controllers?
Well, under GDPR we must provide the information requested and have a process for doing so. We don’t have the same exemptions as lawyers; we cannot rely on legal professional privilege as a reason for non-disclosure.
We have put a process together:
- we contact our client to let them know that as data controllers we have received a request
- we will collate the information
- we will forward the information to the subject and the client for their internal files
This shouldn’t take much administration time; however, depending on the level of requests received, we aim to have the whole process completed in 15 working days.
An article published by Accountancy Age gives a little more detail.