Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

GDPR Subject Access Request. The key to GDPR plans?

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr, gdprfree,
by Adam Brogden
in Blog

29-Mar-2018 10:07

The Right to Access is a pretty fundamental requirement under GDPR. The Data Subject has the right to obtain confirmation that their data is being processed; information about why, what and how the data is being processed [as in a Privacy Statement]; and perhaps most importantly copies of the data that is held about them. You have limited time to respond to this sort of request and would not normally be expected to charge a fee.

Sounds ok? Just think this through – if you received a SAR request today for one customer would you actually be able to extract all the information you have about them and confirm the [Privacy Statement] associated information, collate and produce a coherent response for the data subject? Really?

Your ability to respond to a Subject Access Request should be your acid test to whether you understand what data you have, where it is, and why you have it. Allow you to be confident that you are operating responsibility. Not only do you need to provide the response you need to be confident that your response is reasonable. Do you really want to tell the data subject that you keep their data indefinitely just in case? This is going to lead to big problems.

What if you receive 10, 20 or 30 SAR requests in one go? There are fears that post GDPR we will all receive huge numbers of SARs, can you cope? Do you record your calls, use CCTV, send sensitive data by email? These only make the situation more difficult.

So, your SAR process might be one of the simplest documents you produce, might not get a lot of attention but perhaps you are missing a trick. Use the SAR to check that you are ready for GDPR. Run a few tests, see how you get on!

Good luck all!