Subject Access Requests and GDPR

Under the current UK Data Protection Act, you might already be familiar with the notion of a Subject Access Request (SAR) and have defined a process for dealing with them.

However, are you aware that the GDPR brings additional rights to individuals?

  • As organisations will no longer be able to charge an Administration Fee (with limited exceptions), the number of SARs invoked across the private, public, not-for-profit and charity sectors is anticipated to increase dramatically when the GDPR is implemented on 25th May 2018.
  • Organisations will have to acknowledge the SAR within 72 hours and respond to it as soon as possible, and no later than 30 days.

If your organisation does not have a defined process for dealing with SARs, we recommend that you prioritise implementing one as soon as possible. Here's why:

  • Organisations that fail to comply with SARs increase the risk of being reported to the supervisory authority, which could lead to an inspection by the ICO and expose additional non-compliance with the GDPR, resulting in potential fines and, more importantly, reputational damage.

PYXI firmly believe that you should not treat the process of responding to SARs as a hindrance. Instead, build it into your customer service activities as a competitive differentiator that builds trust, drives customer loyalty and protects the reputation of your brand.

PYXI for GDPR provides organisations with a simple and efficient solution for managing the SAR process.

Breach Notification