Courses take place in:

London, Manchester, Belfast, Edinburgh, Glasgow and Isle of Man

Dealing effectively with Subject Access Requests (‘SARs’) remains a management challenge for many organisations. Requests can come from customers, employees, complainants, and others. The quantities of information typically held on individuals are increasing to vast proportions, sometimes as an unintended consequence of technological advances.

This practical training session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the implications of Brexit, looks in detail at the right of individuals to gain access to their data, as well as the exemptions that organisations can use to withhold information. It gives delegates the information they need to set up an effective SAR handling process in their organisation, and looks at how to avoid the common pitfalls that arise. It includes:

• determining whether a valid request has been made
• liaising with the applicant to clarify the request
• analysing whether particular manual (paper) records fall within the law
• setting parameters for the search for information and collating the results
• establishing whether the retrieved information is personal data
• dealing with third party information
• applying the relevant exemptions
• presenting the response to the applicant including how to redact documents
• managing dissatisfied recipients
• how to deal with an investigation
• staff awareness and training

Participants in this session work through a number of practical scenarios and will leave the session knowing how to respond to access requests as well as how to set up an effective SAR handling process in their organisation.

Attendance on this course can be used as credit towards gaining the Practitioner Certificate in Data Protection.