This course has passed.


Data Subject Access Requests (SARs) can come in many different forms: verbal, written and even through social media.

Our Complying with Data Subject Access Requests course has been specifically designed to help you to manage SARs.

Through a series of interactive workshops, gain hands-on experience at identifying and managing SARS, applying the exemptions and requests for third party data.

There will be plenty of opportunity to network, share resources and experiences with other delegates. Gain valuable contacts with other like-minded peers to create an invaluable SARs handling support network.

Unlocking the Power of Virtual

Our virtual courses have been designed with you in mind. From group exercises in breakout rooms to live chat, whiteboards and interactive polls, we use a range of tools and techniques to ensure that you can connect with your trainer; network and share best practice with your peers and leave the day with the skills you need.

Our courses provide you with an interactive and engaging learning environment that can be accessed from any location, helping you to continue to connect, learn and grow. Click here to discover more!

Please note we will use Zoom to virtually deliver this course. 

trainer photo
Lynn Wyeth
Information Governance Manager - Leicester City Council

Lynn is the Information Governance Manager at Leicester City Council. Having previously worked as an MP and MEP’s political assistant, Lynn moved to her local council where she now oversees the Council’s Information Governance agenda including data protection, FOI, information sharing, RIPA and CCTV.

She has also helped health organisations with their information governance procedures.

Lynn is the author of two books, A Practical Guide to Handling Freedom of Information Requests and Data Protection: Compliance in Practice.

Read more

Learning Outcomes

  • Learn how to perfect SARs procedures
  • Design a more effective SARs handling toolkit
  • Gain an overview of the ICO’s right of access guidance 
  • Develop a thorough understanding of SARs requirements
  • Understand how data protection legislation impacts SARs
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]


Collapse all
09:25 - 09:30


09:30 - 10:00

Trainer’s Welcome Clarification of Learning Objectives

10:00 - 10:45

Workshop I: Understanding Legislation and ICO Guidance on SARs

Gain a brief overview of Data Subjects Access Requests, under GDPR and Data Protection Act 2018.

  • Understand the reduced time frames
  • What personal information is covered
  • Learn how to reconcile conflicting legislation
  • Ascertain what the legislation says about SARs
  • Gain a better understanding of the ICO’s right of access guidance
10:45 - 11:00

Morning Break

11:00 - 12:00

Workshop II: Identifying and Managing SARs

  • Establish proof of authority
  • Train your staff to identify a SAR
  • Ensure the subject access request is valid
  • Learn the tools to verify the data subject’s identity
  • Develop strategies to manage the increase of SARs
  • Prepare your staff to take a SAR through different mediums: phone, email, letter or form
  • Gain senior buy-in to ensure your organisation has effective procedures in place to manage SARs
12:00 - 13:00

Workshop III: Applying the Exemptions

  • Identify and manage vexatious requests
  • Understand the exemptions in the DPA Act 2018
  • Understand how to conduct a public interest test
  • Know what information to include in a refusal notice
  • Understand what tools are available for managing SARs
13:00 - 13:45


13:45 - 14:00

Reflection Session

  • Trainer will review the day’s learning and the next stages of the course
  • Delegates will have time to ask questions and share views with one another
14:00 - 14:45

Workshop IV: Requests for Third Party Personal Data

How to deal with requests for personal data relating to third parties without harming individual’s rights.

  • Sensitive personal data
  • The public interest factors
  • Data protection considerations
  • Establish what information should never be disclosed
14:45 - 15:00

Afternoon Break

15:00 - 16:00

Workshop V: Design a SARs Handling Toolkit

  • Examine bad and best practice examples
  • The role of a Data Protection Officer in managing a SAR
  • Avoid data breaches by removing other individual’s data
  • Learn what information to include when responding to a SAR
  • Develop recording procedures to monitor the process of the SAR request
16:00 - 16:15

Key Takeaways and Roundup