Subject Access Requests - Part 1
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
Changes to Handling Subject Access Requests (SARs) under GDPR
New Timeframe for Response
Extended Deadline: You now have one calendar month to respond to a Subject Access Request (SAR).
Considerations: Response deadline adjusts for varying days in different months.
Practical Approach: Many companies opt for a simplified 28-day response policy for compliance certainty.
Recognition of Requests
Diverse Channels: SARs can be received via various channels including telephone, email, mail, online, social media, or face to face.
Staff Training: All customer-facing staff need to be trained to identify SARs.
Accessible Forms: Offer SAR submission forms on the website, but individuals can request through any means.
Fee Policy Changes
No Charging by Default: Charging a fee for SARs is prohibited unless deemed "manifestly unfounded or excessive."
Justification: Businesses must justify fees, especially for high-volume or repeated requests.
Compliance: In most cases, businesses must provide information without charging a fee.