Handling Subject Access Requests

Handling Subject Access Requests

A detailed one-day practical workshop designed for compliance teams and other professionals responsible for managing the lifecycle of SARs.

By Freevacy Ltd

Select date and time

Tuesday, July 22 · 2 - 7am PDT

Location

Online

Refund Policy

No Refunds

About this event

One of the principal aims of the UK General Data Protection Regulation (GDPR) is to empower individuals (data subjects) by giving them control over their personal data. These fundamental rights are set out in Articles 12-22 in Chapter 3 of the GDPR.

They include the right of access (subject access) to ask an organisation whether they hold any personal information about them and to ask for a copy. Regardless of what area of business an organisation operates in, if it holds or processes personal data, upholding the right of access is a legal requirement.

This practical one-day training course is intended for individuals tasked with responding to subject access requests (SARs).

The course covers:

Introduction to Data Subject Rights (DSRs):

  • The rights of the data subject under the UK GDPR
  • The 8 fundamental data subject rights, including the right of access
  • Overview of the processes and procedures (Transparency & Modalities) required to ensure compliance with DSRs


Subject Access Requests (SARs)

What the data subject can ask for and expect to be told:

  • What data is being processed
  • Requesting access to the data
  • The purpose of processing
  • The types of personal data
  • How long it will be held
  • Who the data is shared with
  • Informing data subjects of their right to make a complaint to the ICO
  • Informing data subjects of their other DSRs
  • The source of the data
  • The logic behind automated processing
  • Safeguards for international transfers

Other important aspects relating to SARs:

  • How requests can be made
  • How requests relating to children’s data should be handled
  • How to identify the data subject requesting the information
  • Identifying third-party requests of personal data on behalf of the data subject
  • Clarification of requested information
  • Handling requests that identify third-party information
  • Searches for the requested information
  • Timescales for responding to a request


Subject Access Considerations:

  • What is personal data?
  • Searches for personal data
  • Third-party data
  • Enforced Subject Access
  • GDPR and DPA18 do not cover deceased persons' data
  • Understanding the difference between SARs and normal business
  • Unstructured manual records
  • SAR provisions and exemptions for special cases of access


Refusing a SAR:

  • Manifestly unfounded requests
  • Manifestly excessive requests


Restrictions affecting data subject's rights (Exemptions):

  • What adaptions and restrictions different exemptions apply
  • Exemptions


Complaints and Appeals:

  • Complaints and appeals
  • Enforcement

Organized by

Freevacy Ltd

Freevacy is a dedicated Information Rights training provider, offering continuous professional development for DPOs, compliance teams, executives and frontline employees. We offer a complimentary range of certificated training courses from two globally recognised independent examination bodies, the IAPP and BCS. We also deliver custom learning and development programmes to establish a privacy-compliant culture throughout the workforce. Our informal, interactive and in-depth training strikes the perfect balance between practical, real-world situations and the law.

Training during the COVID-19 pandemic

We deliver all BCS and IAPP certified training courses through live online classes. Whether attending from home, or the office, training is delivered safely across a secure WebEx platform with all the support and interactivity found in the classroom.

£474