Data subjects’ rights under UK’s data protection law

Reasonable fees

Clause 12 entitles the Secretary of State to limit the “reasonable fees” that may be charged by the controllers, when responding to manifestly unfounded or excessive requests (Art. 12(5) GDPR) and for provision of further copies (Art. 15(3) GDPR). Further, the Secretary of State may also require controllers to publish guidelines about the “reasonable fees”, which they levy and determine what these guidelines must contain.

Exception for credit-reference agencies

The rights to obtain a confirmation of processing, access to data and safeguards for third country transfers may be restricted for the processing of data relating to the data subject’s financial standing, where a controller is a credit reference agency (in the meaning of the Section 145 (8) of the Consumer Credit Act of 1974).

Further restrictions to data subjects’ rights

Regarding the limitations on the rights of the data subject, the DPA refers in Clause 15 to the Schedules of the DPA. There, the reasons for restrictions that can be made at the national level according to Art. 23 GDPR are listed:

  1. Crime and taxation in general, and, in particular, in risk-assessment systems.
  2. Immigration
  3. Information to be disclosed by law or in connection with legal proceedings
  4. Functions to protect the public
  5. Audits by general auditors of the countries of the UK
  6. Functions of the Bank of England
  7. Regulatory functions related to legal services, health and child services
  8. Regulatory functions of certain other persons (public office)
  9. Parliamentary privilege
  10. Judicial appointments, judicial independence and legal proceedings
  11. Honors, dignities and appointments of the Crown

The right to access contained in Article 15 (1) to (3) GDPR may be withheld if the data also contains information about other data subjects. An exception to this is, however, if that other person belongs to health, social or educational staff.

Right to access

In addition, under certain circumstances, the right of access can be denied in the following areas:

  1. Legal professional privilege
  2. Self-incrimination
  3. Business finance
  4. Management forecasts
  5. Negotiations with the data subjects
  6. Confidential references
  7. Exam scripts and marks

Public interest

Further, Clause 16 sets out the power of the Secretary of State to make further derogations by regulation, if this is in the public interest.

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: