I offer three courses on subject access and other GDPR rights. They work as standalone sessions, but if you book both together, you get a discount on the three. After the course, you will receive a link to a regularly updated page with links to DPIA resources.
SAR Basics (2 hours)
Dealing with a subject access request is a tricky business and this no-nonsense course will teach you what you need to do when a SAR arrives. Checking ID, dealing with requests made via solicitors and other third parties and deciding whether the request is complex will all be dealt with, as well as the thorny issues of when a request might be unfounded or vexatious. GDPR SARs are not the same as subject access used to be, and this course will teach you how to negotiate the challenges.
SARs: searching, redaction and exemptions (2 hours)
Once you have a valid subject access request, what then? How do you search for information? What can you legitimately exclude from a request? How do you deal with information about other people, or staff members, especially if they don’t want to be identified? If you’re dealing with a difficult or angry applicant, what do you have to tell them about the information you’ve withheld? This practical, no-nonsense course will answer all these questions and more. I’ve been dealing with subject access requests since 2002, and I have a lot to tell you!
Everyone in Data Protection is obsessed by subject access (and rightly so, it’s the right that people are most likely to use), but the GDPR contains multiple rights including rectification, access to portable data and the notorious right to be forgotten – which weirdly, isn’t a right to be forgotten at all. This plain-English course will give you an overview of all of the rights, including previous cases, advice from regulators, and practical tips to deal with them efficiently and fairly.