Available Dates


Data Subject Access Requests (SARs) are a key and important right granted to individuals under the UK Data Protection law. However, the handling of such requests can be a challenge as Personal Data can be found almost anywhere in an organisation and in various formats. Knowing what can be released under SAR, and what is not, can be a challenge for any organisation.

Attend our Understanding and Applying SARs Exemptions course to gain practical knowledge of handling a SAR and applying the exemptions. Learn how to manage vexatious requests for personal data, practice writing a refusal notice, the best methods for redacting data and how to practically utilise the exemptions available to you.

As well as practical tips and knowledge, leave the day with an exemptions toolkit including templates to use in your organisation.

trainer photo
Scott Sammons
Information Governance Coach, MNLP, AMIRMS, MBCS, H-FIIM

Scott is an experienced and qualified practitioner & coach in the management and governance of information and data having worked and volunteered for 14+ years in the profession. Starting his career in Local Government, Scott has since worked across both the private and public sectors (both large and small) and gained experience, knowledge and/or qualifications working with information governance frameworks applicable in the UK, Ireland, Isle of Man, and wider European context. From 2016-2020 Scott was Chair of the Information and Records Management Society (IRMS) and now volunteers as their lead on professional development including Accreditation, Mentoring, Apprenticeships and ...

Read more

Learning Outcomes

  • Gain a firmer understanding of what the regulation says about the exemptions
  • Develop techniques to manage vexatious requests for personal data
  • Understand when the exemptions might be applied by working through practical scenarios
  • Learn how to write a refusal notice
  • Take back a SAR exemptions toolkit to use within your organisation
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]


Collapse all
09:00 - 09:30


09:30 - 10:00

Trainer’s Welcome and Clarification of Learning Objectives

10:00 - 10:45

Understanding the Regulation: The Role of the Exemptions

  • Learn how to apply schedule 2-4 of the DPA 2018
  • Understand the key difference to other information rights exemptions
  • Gain a firmer understanding of what the Data Protection Act 2018 (DPA 2018) says about the exemptions
  • Discuss how the Data Protection and Digital Information Bill might impact subject access requests
10:45 - 11:00

Morning Break

11:00 - 12:00

Overview of the Exemptions

  • Learn what exemptions apply to your organisation
  • Develop a more comprehensive overview of the exemptions
  • Understand how to apply exemptions for requests to third party data
  • Work through scenarios where the exemptions might be applied
12:00 - 13:00

Managing Vexatious Requests

  • Identify vexatious requests
  • Gain strategies and techniques on handling vexatious requests
13:00 - 14:00


14:00 - 14:45

Workshop: Writing a Refusal Notice

  • Identify key points to include
  • Establish what to say and how to communicate it
  • Learn how to write a refusal notice
14:45 - 15:00

Afternoon Break

15:00 - 16:00

Workshop: Applying the Exemptions

  • Review SAR requests and take part in an interactive session to learn when to apply the exemptions
  • Develop processes and procedures to better apply exemptions
  • Take back a SAR exemptions toolkit to use within your organisation
16:00 - 16:15

Feedback, Evaluation and Close