Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

What To Do With The Nightmare SAR?

by Adam Brogden
in Blog

28-Nov-2018 13:57

Watch out for a SAR known as the Nightmare SAR! This SAR was actually developed to help companies test their SAR process but has been adopted by evil SAR doers often as a way to victimise companies. You will know it if you receive it! It is huge and asks for all sorts of detail that you probably won’t even know. One clue is when you receive all the ID info along with the SAR request. This suggests that they have done some homework and might be out to cause you trouble.

Even if it is the nightmare SAR, don’t ignore it and make sure you reply in the allotted time. The following list describes the data you need to provide in response to a SAR is copied directly from the ICO website. Use this as your guide. Reply as fully as you can and make sure you let them you know that you understand the rules.

In addition to a copy of their personal data, you also have to provide individuals with the following information:

  • The purposes of your processing

  • The categories of personal data concerned

  • The recipients or categories of recipient you disclose the personal data to

  • Your retention period for storing the personal data or, where this is not possible, your criteria for determining how long you will store it

  • The existence of their right to request rectification, erasure or restriction or to object to such processing

  • The right to lodge a complaint with the ICO or another supervisory authority

  • Information about the source of the data, where it was not obtained directly from the individual

  • The existence of automated decision-making (including profiling)

  • The safeguards you provide if you transfer personal data to a third country or international organisation.

Make sure you are polite in all your responses and don’t miss the 30 day deadline. Include all the information in one go to avoid multiple messages and the risk of something going missing. If they get grumpy or even aggressive then feel free to call the ICO for advice. The ICO will help you understand what you need to do. I can tell you from experience that the ICO are very helpful in these cases and calling them is a good idea.

So, if you receive the dreaded Nightmare SAR, don’t panic! Follow the process in your Optindigo pack and make sure you respond in good time. Feel free to call us for help anytime.

Good luck all.