A Customers National Insurance Number.

A HMRC employee's ethnicity data.

A customer case file.

A customer email address.

The right to request corrections to their personal data (or 'rectification').

The right to access their personal data (Often exercised through a 'Subject Access Request')

Rights relating to automated decisions and automated profiling.

The right to be remembered.

Ask the customer's consent to continue processing.

Tell the customer that HMRC can process personal data when it needs to do son while carrying out its official functions as a government department, and in those circumstances does not need consent.

Ask the customer to complete a Subject Access Request (SAR).

Tell the customer that HMRC can process, store and retain any data for an unlimited period of time because it is a tax authority.

Respond to the customer directly and send them their persona data.

Deal with the request straightaway in line with your area's SAR's process.

Accept the deadline is in a months time, so take your time to prepare the data in the most appropriate format for the customer.

Collate all of the customers personal data and send this to your Data Protection contact.

Report it within one month to the Data Protection contact in your department.

Report it to the customer directly.

Immediately raise the incident via the Incident reporting Tool and inform your manager.

Report it to your Security and Information Business Partner (SIBP) team when you next see them.