Once you have a valid subject access request, what then? How do you search for information? What can you legitimately exclude from a request? How do you deal with information about other people, or staff members, especially if they don’t want to be identified? If you’re dealing with a difficult or angry applicant, what do you have to tell them about the information you’ve withheld? This practical, no-nonsense course will answer all these questions and more. I’ve been dealing with subject access requests since 2002, and I have a lot to tell you!
-
Searching – what the GDPR and recent court cases say about the scope of a subject access request
-
Data received from third party organisations
-
Third parties and how is their data dealt with – including recent court cases on so-called ‘mixed requests’, including court decisions
-
Data about staff mentioned in emails and other correspondence
-
Exemptions from subject access – crime and taxation, legal proceedings, negotiations and other relevant exemptions
-
Redaction techniques