Data subjects have a “right of access” under data protection law which gives them the right to obtain a copy of their personal data from organisations that process it. These requests are commonly referred to as data subject access requests or DSARs. DSARs can take up a huge amount of resource, particularly where organisations don’t have robust processes to deal with them or the experience to know how to handle them. The UK’s data protection regulator, the Information Commissioner’s Office, can also take action – including fines and other sanctions – against organisations if data subject rights are not properly observed. Failure to deal properly with a DSAR could also create reputational risk for an organisation.
Our DSAR Masterclass takes you through the lifecycle of a request, exploring key concepts such as:
- deadlines and extensions;
- when you can refuse to respond to a request;
- how to identify material relevant to a request;
- applying exemptions and redactions;
- responding to the data subject.
We use scenarios drawn from real life experiences to explore these issues, including the human rights balancing test that must be undertaken when considering whether to disclose or redact third party personal data. Sessions are interactive and can be tailored to address specific concerns that an organisation might be facing.
By the end of the session, participants will be better able to:
- Spot a DSAR
- Navigate the exacting timeframes
- Protect their organisation by deploying exemptions/redactions in a credible, robust and pragmatic way
- Put together a response that minimises legal risk, saving time and resource.