Subject Access Requests (SARs), also known as Data Subject Access Requests (DSARs), are simply written requests made by or on behalf of data subjects to determine whether processing is occurring of their personal data and to be given access to the personal data that is being processed by the business. These requests may cover additional information and there are other rights that a data subject may exercise under this process. Your business is likely to notice an increase in these types of requests now that the GDPR has simplified the process and removed barriers such as charging a fee to make the requests. Sets of rules around these requests and exercising of other rights can be quite complex to navigate through. All these requests should be channelled through your data protection officer and they should ultimately deal with them on behalf of your business. I provide procedure development consulting, training and support for subject access requests.
SUBJECT ACCESS REQUESTS