This course has passed.


Data Subject Access Requests (SARs) are a key and important right granted to individuals under the UK Data Protection law. However, the handling of such requests can be a challenge as Personal Data can be found almost anywhere in an organisation and in various formats. Knowing what is something that can be released under SAR, and what is not, can be a challenge for an organisation.

The law, therefore, allows for certain pieces of someone’s Personal Data to be withheld from them in certain circumstances via the exemptions found in the Data Protection Act 2018. Using them, however, can be tricky and brings with it certain obligations to ensure your use of them is fair and reasonable.  Getting it wrong can, in the very worst of cases, result in serious consequences for the individuals concerned and possibly regulatory action.

Attend our Understanding and Applying SARs Exemptions course to gain practical knowledge of handling a SAR and applying the exemptions. Learn how to manage vexatious requests for personal data, practice writing a refusal notice, the best methods for redacting data and how to practically utilise the exemptions available to you.

As well as practical tips and knowledge you will also leave the day with some templates and an exemptions Toolkit to use in your organisation.

Unlocking the Power of Virtual

Our virtual courses have been designed with you in mind. From group exercises in breakout rooms to live chat, whiteboards and interactive polls, we use a range of tools and techniques to ensure that you can connect with your trainer; network and share best practices with your peers and leave the day with the skills you need.

Our courses provide you with an interactive and engaging learning environment that can be accessed from any location, helping you to continue to connect, learn and grow. Click here to discover more!

Please note we will use Zoom to virtually deliver this course.

trainer photo
Scott Sammons
Information Governance Coach, MNLP, AMIRMS, MBCS, H-FIIM

Scott is an experienced and qualified practitioner & coach in the management and governance of information and data having worked and volunteered for 14+ years in the profession. Starting his career in Local Government, Scott has since worked across both the private and public sectors (both large and small) and gained experience, knowledge and/or qualifications working with information governance frameworks applicable in the UK, Ireland, Isle of Man, and wider European context. From 2016-2020 Scott was Chair of the Information and Records Management Society (IRMS) and now volunteers as their lead on professional development including Accreditation, Mentoring, Apprenticeships and ...

Read more

Learning Outcomes

  • Gain a firmer understanding of what the regulation says about the exemptions
  • Develop techniques to manage vexatious requests for personal data
  • Understand when the exemptions might be applied by working through practical scenarios
  • Learn how to write a refusal notice
  • Take back a SAR exemptions toolkit to use within your organisation
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]


Collapse all
09:25 - 09:30


09:30 - 10:00

Trainers Welcome and Clarification of Learning Objectives

10:00 - 10:45

Understanding the Regulation: The Role of the Exemptions

  • Learn how to apply schedules 2-4 of the DPA 2018
  • Understand the key difference to other information rights exemptions
  • Gain a firmer understanding of what the Data Protection Act 2018 (DPA 2018) says about the exemptions
  • Discuss how the Data Protection and Digital Information Bill might impact subject access requests
10:45 - 11:00


11:00 - 12:00

Overview of the Exemptions

  • Learn what exemptions apply to your organisation
  • Develop a more comprehensive overview of the exemptions
  • Understand how to apply exemptions for requests for third-party data
  • Work through scenarios where the exemptions might be applied
12:00 - 13:00

Managing Vexatious Requests

  • Identify vexatious requests
  • Gain strategies and techniques for handling vexatious requests
13:00 - 14:00


14:00 - 14:45

Workshop Writing a Refusal Notice

  • Identify key points to include
  • Establish what to say and how to communicate it
  • Learn how to write a refusal notice
14:45 - 15:00


15:00 - 16:00

Workshop Applying the Exemptions:

  • Review SAR requests and take part in an interactive session to learn when to apply the exemptions
  • Develop processes and procedures to better apply exemptions
  • Take back a SAR exemptions toolkit to use within your organisation
16:00 - 16:15

Round Up and Key Takeaways