Handling Subject Access Requests

Target Audience

• HR Professionals
• HR Directors
• Operations Directors
• Business Owners
• Data Protection Leads
• Data Protection Officers
• Office Managers

About this session

Under the General Data Protection Regulation (GDPR) an individual (Data Subject) has the Right of Access to his/her personal data that is processed by an organisation. The Data Subject Access Request (DSAR) is the tool that individuals can use to access their personal data. Handling DSARs can be incredibly complex and overwhelming, as they can arrive at any time from customer to past/present employees. This course will cover the following:

• defining the 'Right of Access' under GDPR
• discussing the importance of the 'fair, lawful and transparent' principle under GDPR
• how to determine whether a DSAR is valid or not
• how to liaise with an individual when seeking to clarify the DSAR
• how and when to verify the identification of the Data Subject
• what are the timescales for responding to a DSAR, and when is it possible to extend the response period
• how to deal with third-party information
• what exemptions can be applied and when is it appropriate to apply them
• what to consider when redacting personal data
• how to respond to the Data Subject, and what should be included
• how to deal with unfounded and excessive requests

The course in 90 minutes in length and will draw upon practical, real-life scenarios so that the course material can be brought to life. There will be an opportunity to ask questions throughout the course. We have also included several survey questions, in order to test delegates understanding of the materials.

Please click on a date to book onto that course.