What is this thing called a SAR and why you should care?
Published on: 10th May 2018
By PYXI GDPR Team
A SAR is a Subject Access Request.
Under GDPR, any human being that resides in the EU can invoke a request to your organization asking to provide the personal details you are holding, storing (processing).about them.
Your organization needs to be prepared to be able to respond to the receipt of a SAR for the following reasons:
- If it's a valid request you have 30 days to provide a response to the individual that has raised the SAR
- Unlike life before GDPR, the cost to an individual to raise a SAR is a big, fat ZERO versus the current cost of a £10 admin fee - the expectation is that SARs will increase by a truly exponential rate - the world is full of malicious individuals, disrgruntled employees and competitors who have a motive to discredit your company.
- If your organization does not have a process to deal with SARs you face the risk of being whistleblown, which could result in an investigation from the ICO that might uncover additional issues around GDPR compliance.
PYXI GDPR Team: 10th May 2018 21:41:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
Equifax fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017
The ICO’s probe, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency which led to personal information being retained for longer than necessary and vulnerable to unauthorised acces... click to read more