Subject Access Requests and GDPR
Under the current UK Data Protection Act, you might already be familiar with the notion of a Subject Access Request (SAR) and have a defined a process for dealing with them.
However, are you aware that the GDPR brings additional rights to individuals?
- As organisations will no longer be able to charge an Administration Fee (with limited exceptions), it is anticipated that, when the GDPR is implemented on 25th May 2018, it will result in a dramatic increase in the number of SARs being invoked across the private, public, not-for-profit and charity sectors.
- Organisations will have to both acknowledge and respond to the SAR as soon as possible and no later than 30 days.
If your organisation does not have a defined process for dealing with SARs, we recommend that you prioritise implementing one as soon as possible and here's why:
- If organisations fail to comply with SARs, they increase the risk of being reported to the supervisory authority which could incur inspection from the ICO, expose additional non-compliance of the GDPR resulting in potential fines but more importantly reputational damage.
GDPR SAR Management Software
The SAR Management dashboard quickly shows you the progress and status of your current Subject Access Requests and prompts you for the next action at each step.
PYXI firmly believe that you should not treat the process of responding to SARs as a hindrance, but you should actually build this into your customer service activities as a competitive differentiator to build trust, drive customer loyalty and protect the reputation of your brand.
PYXI for GDPR provides organisations with a simple and efficient solution for managing the SAR process.
More Detail about PYXI Software for GDPR
Keeping Track of Personal Data in your Organisation
Read more about how PYXI stores information about your Personal Data records for Article 30 here: Article 30 Record Keeping
Managing Subject Access Requests
Read about how we help you to manage Subject Access Requests in your organisation: GDPR Subject Access Requests
Managing Data Breaches for GDPR
Read how we help with managing Data Breaches for GDPR: GDPR Data Breach Management
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
Enforcement Notice For Not Responding To A Subject Access Request
Ainsworth Lord Estates Limited has been served an enforcement notice for not responding to a Subject Access Request. A Lancashire-based business, Ainsworth Lord Estates Limited, has been served an Enforcement Notice by the Information Commissioner... click to read more