An employee has made a Subject Access Request (SAR) and asked to see the whole of their HR file – it's BIG! What is an SAR, and what do we need to include in it?
An employee data subject access request is a right under the EU General Data Protection Regulation (2018) to ask for all information relating to you that your employer (as a data controller) holds.
Importantly, it includes the right to seek information contained on your employer’s electronic filing systems, computers and communication systems. For example, if a manager has been emailing colleagues about a member of their team, the employee is entitled to see this information.
You have to respond swiftly to this request, and at the latest within a calendar month of the subject access request being received. However, if the request you receive from the employee is ‘manifestly excessive’, which in this case it may be if they have a large employee file, you can ask for up to a further three months to provide the information to the employee.
In the majority of cases, there is no charge to the employee for making this SAR. However, you can ‘charge a reasonable fee’ to cover your costs if, for example, the employee has asked for more than one copy of the information, or to cover the administrative costs of complying with the request if it is deemed ‘manifestly unfounded or excessive’.
Essentially, the employee has a right to see all information that has been documented or communicated about them. This includes information within emails, text messages, WhatsApp messages, MS Teams chat, or other chat platforms that you may use. So, as you can see, this could be a huge amount of work to collate, and it could also include information that you would rather not have the employee see!