• Gdpr
  • September 15, 2021

How to Run a Data Subject Access Request (SAR)

lawbite

By Lawbite Team

Get Quote Free Legal Help
article
Whether you are a small, medium, or large organisation, receiving a subject access request (SAR) or data subject access request (DSAR) and handling it in the correct manner can be extremely time-consuming for your staff.  


What is a SAR or DSAR?


The Data Protection Act 2018 states that data subjects have the right to ask organisations if they are holding and/or processing personal data concerning them and, if so, to request details on and access to that information. 


What is included in a Data Subject Access Request response?


When responding to a SAR/DSAR, it is not enough just to send copies of the information held on the requesting person.  Rather, the law states that more information should be provided within the response, including:

  • what you are doing with the data and why
  • the legal basis for storing the personal data
  • the types of personal data used
  • who the personal data has been passed to (including recipients or categories of recipients in third countries or international organisations)
  • how long it is expected that the personal data will be stored or, where that is not possible, the criteria used to determine that period
  • the existence of the data subject’s rights to request from the controller


How to run a Data Subject Access Request?


You will typically have one month to respond to a request, however, it is possible to extend this period to two months if the information required is particularly complex. There are several steps in processing a DSAR request:

  1. check the identity of the requestor and ensure they have legal permission to make the request.
  2. clarify the request if it is not clear - this will provide some reassurance to the requestor that you are handling the case.
  3. identify all forms of personal data held on the data subject by the organisation.
  4. check if any of the information held is subject to exemption (e.g. data relating to safeguarding or national defence).
  5. ensure that any data is securely disclosed (especially where it is sent by electronic means).
  6. keep and retain records of the decision made and the information provided.


You can get legal assistance from LawBite


If you are unsure if you should respond to a SAR and, if so, how to complete the process to the letter of the law, speak to one of the data privacy Solicitors at LawBite, who will quickly assist you and help you make sure you are GDPR compliant. Book your free 15-minute consultation here.

Visit our GDPR packages page to learn more about LawBite’s products, specially designed to help businesses of all sizes address their obligations under the GDPR specifically, using expert UK data protection lawyers at a fraction of the usual cost.


Additional useful information

How to Gain Consent Under the GDPR

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.



Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • November 08, 2021
Who Needs a Data Representative in the EU for GDPR Compliance?

Obtaining a GDPR Data Representative in the EU for GDPR compliance is an important consideration that you, as a business owner, must think about.  ...


Gdpr
blog image
  • By Lawbite Team
  • September 20, 2021
How to Gain Consent Under the GDPR

Even several years after the introduction of the General Data Protection Regulations (GDPR) in 2018, there is still a lack of understanding about h...


Gdpr
blog image
  • By Lawbite Team
  • September 15, 2021
What are the Privacy and Electronic Communications Regulations 2003?

In the era of digital communication and big data, it is more important than ever to protect the rights and privacy of customers, whether these are ...


Gdpr

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Get Quote

Start
defend a claim

Essentials Plan