The Information Commissioner’s Office (‘ICO’) has published a new guide to help businesses and other organisations handle ‘subject access requests’ under data protection law.
You can download the Guide here: https://ico.org.uk/media/for-organisations/documents/how-to-disclose-information-safely-removing-personal-data-from-information-requests-and-datasets/1432979/how-to-disclose-information-safely.pdf
The new guide, How to disclose information safely: Removing personal data from information requests and datasets, covers key areas for organisations, such as:
How to avoid inadvertently releasing personal data about third parties when responding to a request
How to deal with data held in spreadsheets or other documents that may be hidden (such as hidden data in pivot tables)