A Practical Guide to Managing GDPR Subject Access Requests

How should your company respond to requests from people who want to access their personal data?

GDPR gives individuals the right to access and seek a copy of all of the personal data your company holds on them. This may include access to emails, call recordings, CCTV footage and any other record containing their personal data.

A recent study showed that companies spend up to £1.58 million per year dealing with GDPR Data Subject Access Requests. The Information Commissioner’s Office receives more complaints on Access Requests than any other issue.

Access Requests are a legal minefield. If Access Requests are mishandled, they can leave companies open to fines, litigation and reputational damage.

This book explains how to comply with Access Requests under GDPR including:

• Recognising Access Requests
• Understanding the rules and time limits
• Finding the data
• Redacting the data
• Understanding the exceptions to Access Requests
• Dealing with Access Requests from your own employees
• Drafting a company policy on Access Requests
• Training Staff on Access Requests