Responding to a Subject Access Request (SAR)

United Kingdom January 23 2019

Any individual can make a Subject Access Request (SAR) under the General Data Protection Regulation 2016/679 (GDPR) to any organisation (data controller) that holds his or her personal data. Since the introduction of the GDPR, an increasing number of individuals are exercising their right to request information from organisations and other data subject rights.

Responding to a SAR

It is important for a company to ascertain all the various sources where personal data is held and to ensure that their data systems are easily searchable in order that responses to SARs can be managed efficiently. Businesses should be aware that the time limit for responding to SARs is one month and ensure that their procedures enable them to respond to the request within this timescale. The SAR needs to be assessed to consider whether any exemptions may apply and whether any personal data may be withheld.

BDB Pitmans LLP - Michelle Clancy

Save & file
View original
Forward
Print
Share
Follow
Please login to follow content.
Like
Instruct

Register now for your free, tailored, daily legal newsfeed service.

Responding to a Subject Access Request (SAR)

Filed under

Laws

Popular articles from this firm

A big fine and downgrading for Tesco? *

How should hospitality managers and property owners handle property damage caused by guests? *

Big Data: legal implications of the revolution of data analytics *

The Effect of Technology on Directors’ Duties *

Sound-alike songs: blurring the lines *

Related practical resources PRO

Related research hubs