FYI & Tkm Course Catalogue
Handling Data Subject Access Requests
Handling Data Subject Access Requests
Price excluding VAT
If you are booking multiple delegates on a course, please add their contact details to the order notes.
Couldn't load pickup availability
Product Overview
- An intermediate level course on handling data subject access requests within your organisation.
- One day course delivered live online from 09:30 to 16:30
- Topics include recognising data subject access requests, handling a request, the information search, withholding information and other rights, as well as what happens when things go wrong.
- Please note, for international orders, shipping will be calculated at checkout.
For further course information, please contact us.
Course Level
Intermediate: Content is broadly equivalent to learning at a level 5 to 6 on the SCQF.
We recommend that attendees have some foundation knowledge of data protection before attending. So a quick introduction we would recommend our bitesize Essentials Collection courses on data protection and freedom of information. These can be purchased separately or together as a bundle at a discounted rate.
Course Overview
This course is designed to support colleagues who are actively involved in handling Subject Access Requests and who already possess a good general understanding of data protection law.
Article 15 of the UK GDPR (and for personal data processed for law enforcement s.45 Data Protection Act 2018) provide wide ranging rights of access to personal data. The course explores the scope of subject access rights and looks at the practicalities of complying with requests, ICO guidance and best practice.
Course content
Key concepts and law
Key concepts, definitions and understanding what information is in scope of a SAR. Contents of ICO guidance. Overview of other subject rights.
The information search
Conducting a robust but proportionate information search. Narrowing the request. Search audit trail.
Handling requests
Checking ID. Third party requests. Tracking, monitoring and managing the process. Timescales. The information search. Content of responses. Rights of appeal to the Information Commissioner.
Exemptions and redactions
Overview of key exemptions from the rights of access in the Schedules of the Data Protection Act 2018, the concept of manifestly unfounded and excessive requests and the practicalities of redaction.