What is this thing called a SAR and why you should care?
Published on: 10th May 2018
By PYXI GDPR Team
A SAR is a Subject Access Request.
Under GDPR, any human being that resides in the EU can invoke a request to your organization asking to provide the personal details you are holding, storing (processing).about them.
Your organization needs to be prepared to be able to respond to the receipt of a SAR for the following reasons:
- If it's a valid request you have 30 days to provide a response to the individual that has raised the SAR
- Unlike life before GDPR, the cost to an individual to raise a SAR is a big, fat ZERO versus the current cost of a £10 admin fee - the expectation is that SARs will increase by a truly exponential rate - the world is full of malicious individuals, disrgruntled employees and competitors who have a motive to discredit your company.
- If your organization does not have a process to deal with SARs you face the risk of being whistleblown, which could result in an investigation from the ICO that might uncover additional issues around GDPR compliance.
PYXI GDPR Team: 10th May 2018 21:41:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more