The Information Commissioner’s Office has published advice to help SMEs deal with requests from individuals for access to information held about them.
David Smith, Deputy Commissioner, said: “The Data Protection Act gives us all important rights, enabling us to check the personal information that is held about us and to correct that information where necessary.
This guidance sets out clear advice for small and medium sized businesses to help them deal with requests from individuals for access to information an SME might keep about them.”
The advice distinguishes between requests that SMEs can treat as part of normal business practice and those that should be dealt with formally under the Data Protection Act. It includes information on checking a person’s identity and what SMEs should do if the information requested includes details about other people.
There are also practical examples explaining information that should not be released.
A fee of up to £10 can be charged unless the information is a medical or educational record. Where a charge is levied the information must be supplied within 40 calendar days of receiving payment.
This good practice note is part of a series published by the Information Commissioner’s Office to help explain data protection in simple terms. To download a copy, please click here (PDF).
Download this page in PDF format