Subject Access Requests (SARs)

Aim: Dealing with requests from individuals for personal information.

Subject access is a fundamental right for individuals that enable them to find out what personal data an organisation holds about them, why they hold it and who they disclose it to.

Any organisation that holds personal identifiable data (PII) should understand their obligations to provide subject access to that data and follow good practice when dealing with SARs. Although the practices that organisations adopt to respond to SARs are likely to differ, depending on their size and the nature of the personal data they hold, the underlying principles concerning subject access are the same in every case.

Once a valid request has been made, Apogee FTE can help organisations locate relevant PII in a timely manner and through methodology that is compliant with GDPR regulations. The GDPR states that any information must be provided without delay and, at the very latest, within one month of the date of the request – substantially less time than the 40 days which was previously allowed under the DPA (Data Protection Act).

Subject Access Request SAR - ICO

Subject Access Requests form a fundamental part of the GDPR process and, given the ever increasing awareness of the public regarding their data rights and the high profile that information about GDPR seems to be gaining, it is ever more likely that your firm will receive more subject data requests than it has in the past.

The risks of not complying with it are sufficiently great that firms would be foolish to ignore the regulations – especially as doing so will not only put them in breach of the GDPR but the SRA Code of Conduct as well. Get in touch with Apogee FTE today by completing our website form or calling us on 0207 553 9595.