This course has passed.

Overview

A data subject access request (SAR) is a legal right for individuals to access the information that an organisation holds about them.

Recent data protection legislation has had a significant impact on how organisations manage and respond to data subject access requests (SARs). The abolition of the £10 administration fee, reduced timescale for responding to a SAR, and higher fees for not complying; all pose significant challenges to how organisations manage SARs.

This Complying with Data Subject Access Requests course has been specifically designed to help you to identify and manage SARs. Through a series of interactive workshops, gain hands-on experience at understanding the latest legislation on SARs; identifying and managing SARs, and applying the exemptions.

Attend this training course to take back a SARs handling toolkit to ensure that you and your organisation successfully comply and respond to a SAR.

trainer photo

Learning Outcomes

  • Develop a thorough understanding of SARs requirements
  • Learn how to perfect SARs procedures
  • Understand how GDPR and the Data Protection Act 2018 impacts SARs
  • Embed effective SARs procedures within your organisation
  • Design a more effective SARs handling toolkit
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]

Agenda

Collapse all
09:15 - 09:45

Registration

09:45 - 10:00

Trainer’s Welcome and Introductions

10:00 - 10:45

Workshop I: Understanding the Latest Legislation on SARs

Gain a brief overview of Data Subjects Access Requests, under GDPR and Data Protection Act 2018.

  • Ascertain what the GDPR and DPA Act 2018 say about SARs
  • Learn how to reconcile conflicting legislation
  • Understand the reduced time frames
  • What personal information is covered
10:45 - 11:00

Morning Break

11:00 - 12:00

Workshop II: Identifying and Managing SARs

  • Ensure the subject access request is valid
  • Train your staff to identify a SAR
  • Prepare your staff to take a SAR through different mediums: phone, email, letter or form
  • Gain senior buy-in to ensure your organisation has effective procedures in place to manage SARs
  • Develop strategies to manage the increase of SARs
  • Learn the tools to verify the data subjects identify
  • Establish proof of authority
12:00 - 13:00

Workshop III: Applying the Exemptions

  • Understand the exemptions in the DPA Act 2018
  • Identifying and managing vexatious requests
  • Understand how to conduct a public interest test
  • Know what information to include in a refusal notice
  • Understand what tools are available for managing SARs
13:00 - 14:00

Lunch

14:00 - 14:45

Workshop IV: Requests for Third Party Personal Data

How to deal with requests for personal data relating to third parties without harming individual’s rights.

  • Data protection considerations
  • The public interest factors
  • Sensitive personal data
  • Establish what information should never be disclosed
14:45 - 15:00

Afternoon Break

15:00 - 16:00

Workshop V: Design a SARs Handling Toolkit

  • The role of a Data Protection Officer in managing a SAR
  • Examine bad and best practice examples
  • Learn what information to include when responding to a SAR
  • Avoid data breaches by removing other individual’s data
  • Develop recording procedures to monitor the process of the SAR request

Venue

Hilton Carlton – Edinburgh

19 North Bridge, Edinburgh, EH1 1SD