This course has passed.


Data Subject Access Requests (SARs) can come in many different forms: verbal, written and even through social media.

SARs are not a new concept, but it’s now easier for individuals to request information and more challenging for organisations to respond.

Join our Complying with Data Subject Access Requests course to gain hands-on experience at identifying and managing SARs, applying the exemptions and requests through third party data.

There will be plenty of opportunity to network, share resources and experiences in interactive workshops with other delegates. Gain valuable contacts with other like-minded peers to create an invaluable SARs handling support network.

trainer photo
Scott Sammons

Scott is an experienced Information Governance (IG) Practitioner having worked in IG across both the public and private sectors for 10+ years and qualified in various subjects including Data Protection and Information Management.

Scott is now independent and owns Lighthouse IG working with a range of councils, government departments, charities and businesses looking to improve how they handle and make the most of their records and data.

As a volunteer Scott has also been Chair of the Information & Records Management Society (IRMS) for the last 3 years, leading the development of standards and resources for those ...

Read more

Learning Outcomes

  • Learn how to perfect SARs procedures
  • Design a more effective SARs handling toolkit
  • Gain an overview of the ICO’s right of access guidance 
  • Develop a thorough understanding of SARs requirements
  • Understand how data protection legislation impacts SARs
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]


Collapse all
09:15 - 09:45


09:45 - 10:00

Trainer’s Welcome Clarification of Learning Objectives

10:00 - 10:45

Workshop I: Understanding Legislation and ICO Guidance on SARs

Gain a brief overview of Data Subjects Access Requests, under GDPR and Data Protection Act 2018.

  • Understand the reduced time frames
  • What personal information is covered
  • Learn how to reconcile conflicting legislation
  • Ascertain what the legislation says about SARs
  • Gain a better understanding of the ICO’s right of access guidance
10:45 - 11:00

Morning Break

11:00 - 12:00

Workshop II: Identifying and Managing SARs

  • Establish proof of authority
  • Train your staff to identify a SAR
  • Ensure the subject access request is valid
  • Learn the tools to verify the data subject’s identity
  • Develop strategies to manage the increase of SARs
  • Prepare your staff to take a SAR through different mediums: phone, email, letter or form
  • Gain senior buy-in to ensure your organisation has effective procedures in place to manage SARs
12:00 - 13:00

Workshop III: Applying the Exemptions

  • Identify and manage vexatious requests
  • Understand the exemptions in the DPA Act 2018
  • Understand how to conduct a public interest test
  • Know what information to include in a refusal notice
  • Understand what tools are available for managing SARs
13:00 - 13:45


13:45 - 14:00

Reflection Session

  • Trainer will review the day’s learning and the next stages of the course
  • Delegates will have time to ask questions and share views with one another
14:00 - 14:45

Workshop IV: Requests for Third Party Personal Data

How to deal with requests for personal data relating to third parties without harming individuals rights.

  • Sensitive personal data
  • The public interest factors
  • Data protection considerations
  • Establish what information should never be disclosed
14:45 - 15:00

Afternoon Break

15:00 - 16:00

Workshop V: Design a SARs Handling Toolkit

  • Examine bad and best practice examples
  • The role of a Data Protection Officer in managing a SAR
  • Avoid data breaches by removing other individuals’ data
  • Learn what information to include when responding to a SAR
  • Develop recording procedures to monitor the process of the SAR request


16:00 - 16:15

Key Takeaways and Roundup


Central Edinburgh