A data subject access request (SAR) is a legal right for individuals to access the information that an organisation holds about them.

Recent data protection legislation has had a significant impact on how organisations manage and respond to data subject access requests (SARs). The abolition of the £10 administration fee, reduced timescale for responding to a SAR, and higher fees for not complying; all pose significant challenges to how organisations manage SARs.

This Complying with Data Subject Access Requests course has been specifically designed to help you to identify and manage SARs. Through a series of interactive workshops, gain hands on experience at understanding the latest legislation on SARs; identifying and managing SARs, and applying the exemptions.

Attend this training course to take back a SARs handling toolkit to ensure that you and your organisation successfully comply and respond to a SAR.

About the Chair: Paul Gibbons
Paul Gibbons is a leading expert in information rights and management with many years experience in the field. With a background in the pharmaceutical industry, Paul then became the first Parliamentary Records Manager, and later prepared the Mayor of London for the implementation of the Freedom of Information Act. His experience also covers working for a London Healthcare Trust and a college of the University of London.

Paul has subsequently worked as an information governance manager, managing compliance with the Data Protection Act and other legislation in the NHS and in higher education. Since 2010 he has been writing the respected FOI Man blog and now provides training and consultancy in information rights and management to the public sector and beyond. He has become well known in the UK public sector and beyond and is regularly asked to speak and write about information rights.

09:15 - 09:45

Registration

09:45 - 10:00

Trainer’s Welcome and Introductions

10:00 - 10:45

Workshop I: Understanding the Latest Legislation on SARs

Gain a brief overview of Data Subjects Access Requests, under GDPR and Data Protection Act 2018.

  • Ascertain what the GDPR and DPA Act 2018 say about SARs
  • Learn how to reconcile conflicting legislation
  • Understand the reduced time frames
  • What personal information is covered
10:45 - 11:00

Morning Break

11:00 - 12:00

Workshop II: Identifying and Managing SARs

  • Ensure the subject access request is valid
  • Train your staff to identify a SAR
  • Prepare your staff to take a SAR through different mediums: phone, email, letter or form
  • Gain senior buy-in to ensure your organisation has effective procedures in place to manage SARs
  • Develop strategies to manage the increase of SARs
  • Learn the tools to verify the data subjects identify
  • Establish proof of authority
12:00 - 13:00

Workshop III: Applying the Exemptions

  • Understand the exemptions in the DPA Act 2018
  • Identifying and managing vexatious requests
  • Understand how to conduct a public interest test
  • Know what information to include in a refusal notice
  • Understand what tools are available for managing SARs
13:00 - 14:00

Lunch

14:00 - 14:45

Workshop IV: Requests for Third Party Personal Data

How to deal with requests for personal data relating to third parties without harming individual’s rights.

  • Data protection considerations
  • The public interest factors
  • Sensitive personal data
  • Establish what information should never be disclosed
14:45 - 15:00

Afternoon Break

15:00 - 16:00

Workshop V: Design a SARs Handling Toolkit

  • The role of a Data Protection Officer in managing a SAR
  • Examine bad and best practice examples
  • Learn what information to include when responding to a SAR
  • Avoid data breaches by removing other individual’s data
  • Develop recording procedures to monitor the process of the SAR request

Radisson Blu Hotel – Edinburgh

80 High St
The Royal Mile
Edinburgh
EH1 1TH

0131 557 9797

radisson-blu

Q: Can I make a provisional booking?

A: Unfortunately, we do not accept provisional bookings. Registrations are subject to our terms and conditions. View terms and conditions here

Q: Can I book without a purchase order number?

A: Yes. Simply email [email protected] after you have booked the course, with your Purchase Order Number. Please quote your order number and the course you are booked onto.

Q: Is lunch included?

A: Yes, a two-course hot buffet is served at lunch. Tea and coffee are served throughout the day.

Q: I have special dietary requirements, how can I request this?

A: Special dietary requirements can be catered for, please ensure you include this in the further information box when registering your place. If you have forgotten to add this, you can also send your requirements to [email protected] or call 0800 542 9440. Please let us know as soon as possible so we can ensure your needs are met.

Q: I have just registered for the course, when will I receive the joining instructions?

A: You will receive the joining instructions and reminders, 2 weeks, 1 week and 3 days before the course date. Please check your spam box to see whether the joining instructions were sent there, if not please call 0800 542 9440 so we can have these sent to you immediately.

Q: I can no longer attend the course, can a colleague attend in my place?

A: Substitutions may be made at any time but must be made no later than 48 hours prior to the event. Please call 0800 542 9440 or email [email protected] with the replacement's details.

Q: What is your cancellation policy?

A: Cancellations must be received in writing 30 working days before the date of the event and will be subject to a £195+VAT administration fee. Cancellations received after this time will be subject to the full delegate fee.

Q: Why haven’t I received the speaker’s presentation?

A: Speakers presentations are sent a week after the event date. Please contact a member of the UMG team on 0800 542 9440 or [email protected] if it has been more than a week.

Q: Will there be WI-FI?

A: Yes, all our venues have the latest technology, offer full audio visual support and WI-FI.