HOW TO HANDLE A SAR UNDER GDPR

HOW TO HANDLE A SAR UNDER GDPR

Andrew Bell Andrew Bell

Andrew Bell

Unemployed - Community leader / Game Tester

发布日期: 2018年8月3日
+ 关注

We have noticed a sudden increase in the number of companies receiving a SAR and thought you’d like some clues on how to handle one.

First - don’t panic! It can be quite scary when you first open the SAR email but these are really nothing to be afraid of. If you have completed your GDPR prep on Optindigo you should be in a good position to respond. Make sure you log the request with the date you received it and for goodness sake don’t forget it!

Second - check their identity. Some people will include ID documents in their request [be careful with these - more about this later] - otherwise, it is perfectly reasonable to request ID info so you can confirm that they are who they say they are.

Third - now that you have their ID [make sure you return it] you should process the SAR and extract the info they have requested. Watch out for excessive demands, you only need to provide a reasonable level of detail. An individual is only entitled to their own personal data, and not to information relating to other people. In addition to a copy of their personal data, you also have to provide individuals with the following information:

  1. The purposes of your processing
  2. The categories of personal data concerned
  3. The recipients or categories of recipient you disclose the personal data to
  4. Your retention period for storing the personal data or, where this is not possible, your criteria for determining how long you will store it
  5. The existence of their right to request rectification, erasure or restriction or to object to such processing
  6. The right to lodge a complaint with the ICO or another supervisory authority
  7. Information about the source of the data, where it was not obtained directly from the individual
  8. The existence of automated decision-making (including profiling)
  9. The safeguards you provide if you transfer personal data to a third country or international organisation

Click here to read the full article on Optindigo!

Visit Optindigo sign-up for free and take a look at the free 10 Step Plan, Blogs, and Online Task Manager, and explore our GDPR compliance packages.

Click here: https://optindigo.com/sqFnri and claim a 10% discount.

要查看或添加评论,请登录

Andrew Bell的更多文章

  • WHY CHOOSE OPTINDIGO FOR YOUR GDPR PREP?
    2018年10月25日

    WHY CHOOSE OPTINDIGO FOR YOUR GDPR PREP?

    If you have not completed your GDPR preparation yet, here are a few good reasons to do it now! Optindigo makes GDPR as…

  • GDPR STAFF TRAINING
    2018年10月23日

    GDPR STAFF TRAINING

    Training your staff about GDPR is absolutely vital! You don’t necessarily need to teach them about the 99 Articles or…

    1 条评论
  • GDPR FOR SMALL BUSINESS
    2018年10月22日

    GDPR FOR SMALL BUSINESS

    Let’s be honest, nobody really wants to complete their GDPR. If you are running your own business you are busy, really…

  • DIY GDPR OR BESPOKE SOLUTION?
    2018年10月18日

    DIY GDPR OR BESPOKE SOLUTION?

    Here at Optindigo, we recognise that GDPR is pretty complicated, confusing and can result in a huge pile of…

  • Do I Really Need To Do GDPR?
    2018年10月15日

    Do I Really Need To Do GDPR?

    Feel like you are between a rock and a hard place with your GDPR? Not sure you need to do it? Or just can’t be…

  • DON’T IGNORE STAFF TRAINING!
    2018年10月11日

    DON’T IGNORE STAFF TRAINING!

    A GDPR breach is time-consuming, stressful and a major distraction for any company, never mind the reputation damage…

  • Why Use Optindigo For GDPR?
    2018年10月10日

    Why Use Optindigo For GDPR?

    We understand that nobody wants to deal with GDPR - you're busy and it means a lot of work. Even if you buy a set of…

  • YOUR WEBSITE DOESN'T MAKE YOU GDPR COMPLIANT
    2018年10月8日

    YOUR WEBSITE DOESN'T MAKE YOU GDPR COMPLIANT

    Let me start by saying that there is no such thing as GDPR magic. Just by updating your website or installing a new CRM…

  • GDPR: What You Need To Know
    2018年9月27日

    GDPR: What You Need To Know

    Considered the most important development in data privacy regulation in two decades, the General Data Protection…

  • ICO Registration Is Not GDPR Compliance
    2018年9月27日

    ICO Registration Is Not GDPR Compliance

    There is lots of discussion about what GDPR compliance actually means. There is no absolute set of measures that can be…

社区洞察

其他会员也浏览了