The UK’s data protection regulator has taken action against seven public and private sector organizations for failing to meet their obligations under the GDPR and UK Data Protection Act. UK organizations must respond to requests by members of the public for personal information held on them, known as Subject Access Requests (SARs), within one to three months.

Read full article on Infosecurity