This course has passed.


Data Subject Access Requests (SARs) are an integral part of the data protection landscape. However, we know requests for personal information can often be a costly and time-consuming task to complete.

SARs exemptions allow public sector organisations to protect information, reduce the burden of responding to vexatious requests and prioritise valid requests for personal data.

Attend our Understanding and Applying SARs Exemptions course to gain a brief and comprehensive overview of the SAR landscape and exemptions. Learn how to manage vexatious requests for personal data, practice writing a refusal notice and best apply the exemptions.

Unlocking the Power of Virtual

Our virtual courses have been designed with you in mind. From group exercises in breakout rooms to live chat, whiteboards and interactive polls, we use a range of tools and techniques to ensure that you can connect with your trainer; network and share best practice with your peers and leave the day with the skills you need.

Our courses provide you with an interactive and engaging learning environment that can be accessed from any location, helping you to continue to connect, learn and grow.

Please note we will use Zoom to virtually deliver this course.

trainer photo
Scott Sammons

Scott is an experienced Information Governance (IG) Practitioner having worked in IG across both the public and private sectors for 10+ years and qualified in various subjects including Data Protection and Information Management.

Scott is now independent and owns Lighthouse IG working with a range of councils, government departments, charities and businesses looking to improve how they handle and make the most of their records and data.

As a volunteer Scott has also been Chair of the Information & Records Management Society (IRMS) for the last 3 years, leading the development of standards and resources for those ...

Read more

Learning Outcomes

  • Learn how to write a refusal notice
  • Take back a SAR exemptions toolkit to use within your organisation
  • Develop techniques to manage vexatious requests for personal data
  • Gain a firmer understanding of what the regulation says about the exemptions
  • Understand when the exemptions might be applied by working through practical scenarios
All the Understanding ModernGov courses are Continuing Professional Development (CPD) certified, with signed certificates available upon request for event.

Enquire About In-House Training

To speak to someone about a bespoke training programme, please contact us:
0800 542 9414
[email protected]


Collapse all
09:25 - 09:30


09:30 - 10:00

Trainers Welcome and Clarification of Learning Objectives

10:00 - 10:45

Understanding the Regulation: The Role of the Exemptions

  • Learn how to apply schedule 2-4 of the DPA 2018
  • Understand the key difference to other information rights exemptions
  • Gain a firmer understanding of what the Data Protection Act 2018 (DPA 2018) says about the exemptions
10:45 - 11:00


11:00 - 12:00

Overview of the Exemptions

  • Learn what exemptions apply to your organisation
  • Develop a more comprehensive overview of the exemptions
  • Understand how to apply exemptions for requests to third party data
  • Work through scenarios where the exemptions might be applied
12:00 - 13:00

Managing Vexatious Requests

  • Identify vexatious requests
  • Gain strategies and techniques on handling vexatious requests
13:00 - 14:00


14:00 - 14:45

Workshop Writing a Refusal Notice

  • Identify key points to include
  • Establish what to say and how to communicate it
  • Learn how to write a refusal notice
14:45 - 15:00


15:00 - 16:00

Workshop Applying the Exemptions

  • Review SAR requests and take part in an interactive session to apply the exemptions
  • Develop processes and procedures to better apply the exemptions
  • Take back a SAR exemptions toolkit to use within your organisation
16:00 - 16:15

Round Up and Key Takeaways