• The rights of individuals to access personal information
• The obligations and responsibilities of the data controller
• The policies, procedures and documentation you should have in place
• The rules on how and when you must respond to a request
• Tips and advice on managing the data collection process in the most efficient way possible
• Getting cooperation from other staff and data processors
• How to manage the effect of the SAR on other affected parties
• Managing the liaison with the person making the request
• Possible further consequences and actions that may follow a SAR

This course is essential training for anyone performing the role of a Data Protection Officer or Data Protection Coordinator. It will benefit anyone with a responsibility for information or privacy as well as IT, Finance, HR, Payroll and Office Managers who need to know how to respond to SARs.

• What rights do individuals have to access information held about them and how far do those rights extend?
• How can you ensure all your staff know what it is and what to do with it?
• How much time are you allowed to respond and how can you pause or extend that response time?
• When is ID validation important and how do you obtain it?
• How can you categorise requests and thus allocate resources effectively?
• What constitutes Personal Data for the purpose of a SAR and how is this different from the everyday definition?
• Which records, if any, are not covered by data protection law?
• What is the best way to collate the information for preparing the response?
• What must you take into account regarding consultation with third parties?
• Under what circumstances is it essential that you redact or withhold certain information?
• What reasons are there for not sharing information or for completely rejecting a SAR?
• What form should the final communication and full disclosure take?
• How should each step be recorded internally?
• How should you respond to a further complaint resulting from the disclosure or or non-disclosure?
• What are your obligations to the ICO when receiving, managing and responding to a SAR?
• What are the probable sanctions for failure to comply?
• What will happen if the ICO decide to investigate?
• How can you fine-tune the internal SAR-handling process for continuing improvement and efficiency?

• A course pack containing the information presented on the day
• Sample documents including a SAR policy, procedure, request form, response letters and register
• A SAR checklist to help you manage the process
• A certificate of attendance

• Peter Blenkinsopp

  Peter is a highly qualified privacy professional with a background in law, technology and business.  He has helped many organisations across the globe to successfully deliver business change within heavily regulated environments.  He runs his own consultancy practice specialising in helping companies achieve data privacy compliance. He holds an LL.B and LL.M along with professional certifications from the International Association of Privacy Professionals (IAPP).