What is this thing called a SAR and why you should care?

Published on: 10th May 2018
By PYXI GDPR Team


A SAR is a Subject Access Request.

Under GDPR, any human being that resides in the EU can invoke a request to your organization asking to provide the personal details you are holding, storing (processing).about them.

Your organization needs to be prepared to be able to respond to the receipt of a SAR for the following reasons:

  1. If it's a valid request you have 30 days to provide a response to the individual that has raised the SAR
  2. Unlike life before GDPR, the cost to an individual to raise a SAR is a big, fat ZERO versus the current cost of a £10 admin fee - the expectation is that SARs will increase by a truly exponential rate - the world is full of malicious individuals, disrgruntled employees and competitors who have a motive to discredit your company.
  3. If your organization does not have a process to deal with SARs you face the risk of being whistleblown, which could result in an investigation from the ICO that might uncover additional issues around GDPR compliance.

 

 

 

 

 

 

PYXI GDPR Team: 10th May 2018 21:41:00