• The rights of individuals to access personal information
• The obligations and responsibilities of the data controller
• The policies, procedures and documentation you should have in place
• The rules on how and when you must respond to a request
• Tips and advice on managing the data collection process in the most efficient way possible
• Getting cooperation from other staff and data processors
• How to manage the effect of the SAR on other affected parties
• Managing the liaison with the person making the request
• Possible further consequences and actions that may follow a SAR

This course is essential training for anyone performing the role of a Data Protection Officer or Data Protection Coordinator. It will benefit anyone with a responsibility for information or privacy as well as IT, Finance, HR, Payroll and Office Managers who need to know how to respond to SARs.

• What rights do individuals have to access information held about them and how far do those rights extend?
• How can you ensure all your staff know what it is and what to do with it?
• How much time are you allowed to respond and how can you pause or extend that response time?
• When is ID validation important and how do you obtain it?
• How can you categorise requests and thus allocate resources effectively?
• What constitutes Personal Data for the purpose of a SAR and how is this different from the everyday definition?
• Which records, if any, are not covered by data protection law?
• What is the best way to collate the information for preparing the response?
• What must you take into account regarding consultation with third parties?
• Under what circumstances is it essential that you redact or withhold certain information?
• What reasons are there for not sharing information or for completely rejecting a SAR?
• What form should the final communication and full disclosure take?
• How should each step be recorded internally?
• How should you respond to a further complaint resulting from the disclosure or or non-disclosure?
• What are your obligations to the ICO when receiving, managing and responding to a SAR?
• What are the probable sanctions for failure to comply?
• What will happen if the ICO decide to investigate?
• How can you fine-tune the internal SAR-handling process for continuing improvement and efficiency?

• A course pack containing the information presented on the day
• Sample documents including a SAR policy, procedure, request form, response letters and register
• A SAR checklist to help you manage the process
• A certificate of attendance

• Keith Dewey

  Keith is a well-established information security and data protection practitioner, with extensive experience in training, public speaking and consulting.

  He has held CISO and DPO roles at large UK companies, and worked across a range of industries including financial services, utilities and real estate. Keith is also a Certified EU GDPR Practitioner, has a Certificate in Information Security Management Principles (CISMP) and passed the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) exams.