Data Protection and GDPR Level 3 for Managers and Business (VTQ)

64 videos, 2 hours and 55 minutes

Course Content

What to do when you receive a SAR

Video 44 of 64
2 min 58 sec
Want to watch this video? Sign up for the course or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

Subject Access Request Policy

Importance of Policies and Processes

Record Keeping: Having policies and written processes in place aids in handling subject access requests (SARs).

Employee Awareness: Ensure all employees are trained to recognize SARs and report them promptly to the relevant department.

Handling SARs

Request Fulfilment: Individuals have the right to confirmation of data processing and a copy of their data, along with any supplementary information.

Request Logging: Maintain a log of all SARs, especially verbal or in-person requests, including the data requested.

Verification: If unsure of the requester's identity, ask for necessary information to confirm their identity, but avoid unnecessary delays.

Response Procedures

Response Time: Respond to SARs within one calendar month; many organizations aim to respond within 28 days to ensure compliance regardless of the month's length.

Fee Policy: Do not charge a fee for responding to SARs unless justified as a reasonable administrative cost.

Refusal or Delay: Refrain from refusing or delaying SARs unless they are repeated, manifestly unfounded, or excessive.

Communication with Data Subjects

Informing Data Subjects: Notify data subjects of any decision to charge a fee, refuse, or delay their SAR, and inform them of their right to lodge a complaint with the ICO.