SAR Toolkit inhouse

This course works in two parts, and you can book either or both sessions.

Process session:
Dealing with a subject access request is a tricky business and this no-nonsense course will teach you what you need to do when a SAR arrives. Checking ID, dealing with requests made via solicitors and other third parties and deciding whether the request is complex will all be dealt with, as well as the thorny issues of when a request might be unfounded or vexatious. GDPR SARs are not the same as subject access used to be, and this course will teach you how to negotiate the challenges.
  • The principles of subject access – procedures and processes for dealing with requests
  • Validating requests – ID checks and the questions you can ask data subjects to answer before proceeding
  • Requests where the applicant is representing someone else – parents, solicitors, portal sites
  • Clarification questions – reducing the scope of the request (including the concept of the ‘reasonable’ search)
  • Time limits and complexity
  • When you can charge and refuse to comply with a subject access request including the way in which ICO interprets the ‘unfounded’ and excessive provisions to refuse requests
Exemptions session:
Once you have a valid subject access request, what then? How do you search for information? What can you legitimately exclude from a request? How do you deal with information about other people, or staff members, especially if they don’t want to be identified? If you’re dealing with a difficult or angry applicant, what do you have to tell them about the information you’ve withheld? This practical, no-nonsense course will answer all these questions and more. I’ve been dealing with subject access requests since 2002, and I have a lot to tell you!
  • Searching – what the GDPR and recent court cases say about the scope of a subject access request
  • Data received from third party organisations
  • Third parties and how is their data dealt with – including recent court cases on so-called ‘mixed requests’, including court decisions
  • Data about staff mentioned in emails and other correspondence
  • Exemptions from subject access – crime and taxation, legal proceedings, negotiations and other relevant exemptions
  • Redaction techniques

£500 + VAT for half-day or £1000 + VAT for a full day

Previous Customer Feedback