Subject Access Request Training under EU General Data Protection Regulation

Under the GDPR, Data Subjects have the right to request a copy of all information an organisation retains on them, providing that the data exists. This is known as a Subject Access Request.
SAR training will give individuals the information they need to set up an effective SAR handling process in their organisation, and it will look at how to avoid the common pitfalls that arise which include:

• Introduction
  • Understanding the rights of individuals to access
  • How a request should be made
  • How to respond to a SAR
  • What falls within the law
    • How to conduct searches
    • Dealing with 3rd party data
• Exceptions
• Handling 3rd Party Requests
• Preparing the formal reply
• Guidance from Data Protection Commissioner (DPC) and article 29 working party
• How to handle complaints
• Determining whether a valid request has been made
• Liaising with the applicant to clarify the request
• Analysing whether particular manual (paper) records fall within the law
• Setting parameters for the search for information and collating the results
• Establishing whether the retrieved information is personal data
• Dealing with third party information
• Applying the relevant exemptions
• Presenting the response to the applicant including how to redact documents
• Managing dissatisfied recipients
• How to deal with an investigation
• Staff awareness and training

Who should attend

This course is suitable for Individuals, Company Secretaries, Directors, Compliance Officers, HR staff, Legal Advisors, IT Administrators or Managers and anyone with a responsibility for managing data or advising on data protection issues.

This is a comprehensive one-day course which will show you how to comply with the new EU GDPR Regulations and what will change from the existing legislation. The course will explain the new rules regarding the legal basis for processing, consent, privacy notices, control of personal data, mandatory breach reporting, complaints and penalties as well as practical guidance on what organisations can do to remain compliant.

What you will learn

• Identify the Rights of a Data Subject
• Enforced Subject Access under Irish DPA. What is it?
• SAR complexities and best practices
• What constitutes a SAR under the new EU GDPR
• Recognise and process a valid SAR
• Managing SAR complaints
• Identify objections and exceptions when processing SARs
• Dealing with Third Party information
• Incorporate SARs into your operational 'business as usual' processes
• Discuss 'Right to be forgotten' concept
• Understand what 'data portability' is and how it applies to your organisation
• Discuss the term 'Profiling' under the new Regulation

Benefits

Your organisation will save time through efficient processing and response procedures and reduce risk of non-compliance with legislation or customer complaints. Pitfalls resulting from non-compliance can also be avoided.

The course content will offer plenty of examples to assist in implementing a sound process to deal with a wide range of SARs.

By adopting best practices you develop a process for managing SARs which can be adopted into your organisations daily operations.

If for any reason you need to cancel your place on the course, please ensure you are aware of our cancellation policy.