Skip to Primary Navigation

Skip to main content

DSARs: How to understand your obligations beyond data

Personal data has been pixelated). A doctor prepares a prescription on a computer screen for a patient.
Photo: Adam Berry/Getty Images

Alice Wallbank | Shoosmiths, Sherif Malak | Shoosmiths, Adam Fox | Shoosmiths+1

5 min read
 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

UK and EU courts are increasingly saying that it’s not enough to point to a privacy notice to satisfy the extra GDPR requirements.

What matters

Controllers should understand when they have to disclose individual recipients of data, extra requirements for complex technical data, and explanations of automated decision-making, to know when they can rely on a privacy notice alone.

What matters next

Organizations can get ahead by updating privacy notices and processing records,

, , , , , , , , ,