Subject Access Requests and GDPR
Under the previous UK Data Protection Act, you may already have been familiar with the notion of a Subject Access Request (SAR) and had a defined process for dealing with them.
However, are you aware that the GDPR brings additional rights to individuals?
- As organisations are no longer able to charge an Administration Fee (with limited exceptions), it is anticipated the implementation of GDPR on 25th May 2018 will result in a dramatic increase in the number of SARs being invoked across the private, public, not-for-profit and charity sectors.
- Organisations will have to both acknowledge and respond to the SAR as soon as possible and no later than 30 days.
If your organisation does not have a defined process for dealing with SARs, we recommend that you prioritise implementing one as soon as possible, and here's why:
- If organisations fail to comply with SARs, they increase the risk of being reported to the supervisory authority, which could lead to inspection by the ICO and expose additional non-compliance with the GDPR, resulting in potential fines but, more importantly, reputational damage.
GDPR SAR Management Software
The SAR Management dashboard quickly shows you the progress and status of your current Subject Access Requests and prompts you for the next action at each step.
PYXI firmly believe that you should not treat the process of responding to SARs as a hindrance, but you should actually build this into your customer service activities as a competitive differentiator to build trust, drive customer loyalty and protect the reputation of your brand.
PYXI for GDPR provides organisations with a simple and efficient solution for managing the SAR process.
More Detail about PYXI Software for GDPR
Keeping Track of Personal Data in your Organisation
Read more about how PYXI stores information about your Personal Data records for Article 30 here: Article 30 Record Keeping
Managing Subject Access Requests
Read about how we help you to manage Subject Access Requests in your organisation: GDPR Subject Access Requests
Managing Data Breaches for GDPR
Read how we help with managing Data Breaches for GDPR: GDPR Data Breach Management
Equifax fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017
The ICO’s probe, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency which led to personal information being retained for longer than necessary and vulnerable to unauthorised acces...