Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Received A SAR?

by Adam Brogden
in Blog

29-Jan-2019 10:31

So, you have received a dreaded Subject Access Request. What should you do? Don’t forget that SARs can be issued to you by pretty much any means, email, letter, verbal, SMS - anything! If someone asks you, ‘What info have you got on me?’ then this is a SAR. You much respond to SARs in a given time and provide certain information or you risk ICO enforcement action. In fact you might even be storing the data perfectly legally but if you don’t respond to the SAR with still risk a fine. The ‘crime’ is failing to respond to the SAR not just storing data you shouldn’t.

Assuming you have completed your GDPR process you should refer to your SAR policy and follow that procedure. If you have not yet completed your GDPR do it now! Optindigo has everything you need.

Here are a few tips.

  1. Log the request and date received - dates are important, you need to have an audit trail of action, responses, correspondence.

  2. Acknowledge the SAR promptly - make sure you tell the person you have got the request and will investigate

  3. Ask the person for ID if you need it - don’t go over the top and ask for DNA samples but make sure you are 100% confident that you are dealing with the data subject and not some fake

  4. Investigate the SAR fully and collate your response, absolutely make sure you have all the info you need. Don’t rush and miss vital data - this might just come back and bite you later.

  5. Collate your response, don't forget that GDPR specifies what data you need to send, you don’t necessarily need to send everything they have asked for.

  6. Review and double check your response - this is vital.

  7. Send the response and make sure you have a delivery receipt or equivalent.

Most importantly, make sure you are professional, helpful, and if possible even friendly. Make sure you log everything and follow your process. Fines are issued for failing to respond, you need to be able to show that you have made a reasonable effort.

Call us! Call us first. We are happy to help.

Good luck all.