Dealing with a subject access request is a tricky business and this no-nonsense course will teach you what you need to do when a SAR arrives. Checking ID, dealing with requests made via solicitors and other third parties and deciding whether the request is complex will all be dealt with, as well as the thorny issues of when a request might be unfounded or vexatious. GDPR SARs are not the same as subject access used to be, and this course will teach you how to negotiate the challenges.
Course includes
-
The principles of subject access – procedures and processes for dealing with requests
-
Validating requests – ID checks and the questions you can ask data subjects to answer before proceeding
-
Requests where the applicant is representing someone else – parents, solicitors, portal sites
-
Clarification questions – reducing the scope of the request (including the concept of the ‘reasonable’ search)
-
Time limits and complexity
-
When you can charge and refuse to comply with a subject access request including the way in which ICO interprets the ‘unfounded’ and excessive provisions to refuse requests