Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

GDPR SAR Request Advice

by Adam Brogden
in Blog

11-Jun-2019 11:37

Have you received a Subject Access Request? If so you need to take action to avoid enforcement action from the ICO and even worse legal action from the person submitting the SAR. The problem is that SARs are not always obvious. GDPR says that’s SAR can be issued to you in pretty much any way including verbally, and that the person doesn’t even have to say the word SAR. So if anyone says, ’tell me what info you have on me’, this would count as a SAR and you would need to respond.

Then there is the deadline. You have one month to respond to the SAR unless the request is complex, however there is no definition of complex. In some cases sorting through even a small number of files could be complicated and takes ages but would this count as complex under GDPR and allow you an extension? SARs are tricky.

My best advice is to take ALL requests seriously and make sure you respond quickly to the initial request. Then work out how long you need and decide if you are going to need an extension. Do this quickly and definitely not on the last day! Then, make sure you respond on time. Seems simple but we have had a number of customers that have not responded quickly enough and are at risk of further action.

If you are not sure what to do just call us! We can help. There is a process in your document pack and also a SAR Manager tool on the site. Don’t make the situation worse. Take all SARs seriously and respond accordingly.

Good luck all!