What happens if we fail to respond to a DSAR?

To fail to respond to a DSAR is to break the law.

Under the Data Protection Act 2018, fines of up to €20 million, or 4% of a business’ annual global turnover in the preceding financial year, whichever is higher, could be imposed by the ICO for non-compliance with data subject access requests.

So far, the practice employed by the ICO is to issue an enforcement notice, before taking legal and punitive actions.

This FAQ is in these categories:

Share this page