Subject Access Requests (SARs) Training Course
Subject Access Requests (SARs) are a legal mechanism allowing individuals to request access to the personal data an organization holds about them. Understanding how to handle SARs efficiently is crucial for compliance with data protection laws.
This instructor-led, live training (online or onsite) is aimed at intermediate-level to advanced-level compliance officers, legal teams, and data protection professionals who wish to ensure their organization’s SAR process is efficient, compliant, and risk-free.
By the end of this training, participants will be able to:
- Understand the legal framework governing SARs.
- Process SARs efficiently while maintaining compliance.
- Identify exemptions and limitations under data protection laws.
- Handle complex SAR scenarios, including third-party data.
- Implement best practices for SAR documentation and response.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Course Outline
Introduction to Subject Access Requests (SARs)
- What is a Subject Access Request?
- Legal basis and importance of SARs
- Overview of key regulations (GDPR, CCPA, etc.)
Legal Framework and Compliance Requirements
- Rights of data subjects under GDPR and other laws
- Timeframes and deadlines for responding
- Penalties for non-compliance
Processing a Subject Access Request
- Validating and verifying the requester's identity
- Locating and compiling requested data
- Ensuring secure data transmission
Handling Third-Party and Sensitive Data
- Identifying third-party information in SARs
- Applying redaction and anonymization techniques
- Balancing data access rights with privacy laws
Exemptions and Limitations
- When can an organization refuse a SAR?
- Exemptions for security, confidentiality, and legal privilege
- Managing excessive or unreasonable SARs
Best Practices for SAR Management
- Developing an internal SAR policy
- Creating a streamlined SAR response process
- Using technology to automate SAR handling
Case Studies and Practical Exercises
- Reviewing real-world SAR cases
- Simulating a SAR request and response
- Group discussion on SAR challenges and solutions
Summary and Next Steps
Requirements
- Basic understanding of data protection and privacy laws
- Familiarity with organizational data management policies
- Experience in handling customer or employee data (recommended)
Audience
- Data protection officers (DPOs)
- Compliance officers
- Legal and HR professionals
- IT and data management teams
Open Training Courses require 5+ participants.
Testimonials (2)
a lot of interaction with the trainer
Emilia - ATOS PGS sp. z o.o.
Course - RODO / GDPR - legal changes, theoretical introduction, practical aspects
I generally enjoyed the knowledge of the trainer.
Eddyfi Technologies
Course - GDPR Workshop
Related Courses
Digital and Architectural Accessibility Auditor
14 Hours
Goals:
- Acquiring knowledge on how to conduct a digital and architectural accessibility audit;
- Familiarizing with the WCAG standard in version 2.1.
CDP - Certificate in Data Protection
35 Hours
There is a need to provide adequate training on the Data Protection Act 1998 "the Act" and its implications for both organisations and individuals. There are important differences between the Act and its predecessor, the Data Protection Act 1984. In particular, the Act contains important new obligations in relation to manual records and transborder data flows, a new notification system and amended principles. It is important to understand the Act in the European context.
Those experienced in data protection issues, as well as those new to the subject, need to be trained so that their organisations are confident that legal compliance is continually addressed. It is necessary to identify issues requiring expert data protection advice in good time in order that organisational reputation and credibility are enhanced through relevant data protection policies and procedures.
Objectives
The aim of the syllabus is to promote an understanding of how the data protection principles work rather than simply focusing on the mechanics of regulation. The syllabus places the Act in the context of human rights and promotes good practice within organisations. On attaining the certificate, award holders will possess:
- appreciation of the broader context of the Act
- understanding of the way in which the Act and the Privacy and Electronic Communications (EC Directive) Regulations 2003 work
- a broad understanding of the way associated legislation relates to the Act
- an understanding of what has to be done to achieve compliance
- a recognised qualification in data protection
Course Synopsis
The syllabus comprises three main parts, each with many sub-sections!
- Context - this will address the origins of and reasons for the Act together with consideration of privacy in general.
- Law - Data Protection Act - this will address the main concepts and elements of the Act and subordinate legislation.
- Application - this will consider how compliance is achieved and how the Act works in practice.
Data Breach Management
14 Hours
This instructor-led, live training in Poland (online or onsite) is aimed at intermediate-level to advanced-level IT professionals and business leaders who wish to develop a structured approach to handling data breaches.
By the end of this training, participants will be able to:
- Understand the causes and consequences of data breaches.
- Develop and implement data breach prevention strategies.
- Establish an incident response plan to contain and mitigate breaches.
- Conduct forensic investigations and assess the impact of breaches.
- Comply with legal and regulatory requirements for breach notification.
- Recover from data breaches and strengthen security postures.
RODO / GDPR - legal changes, theoretical introduction, practical aspects
14 Hours
GDPR, i.e. the General Data Protection Regulation, is a legal regulation of the European Union introduced in May 2018, aimed at protecting the privacy and personal data of EU citizens. Here are some key points about the GDPR:
- It regulates how EU citizens' personal data is collected, stored, processed and transferred, giving them control over their data.
- It applies to all organizations that process personal data of EU persons, regardless of the location of these organizations.
- It provides a wide range of individual rights, such as the right to information, access to data, correction of data, deletion of data ("right to be forgotten"), data portability and objection to data processing.
- It imposes on organizations the obligation to ensure data security, consent to data processing, maintain data processing registers, and apply appropriate technical and organizational measures to protect data.
- It regulates the transfer of personal data outside the EU to third countries, requiring appropriate data protection measures.
- In some cases, organizations are required to appoint a Data Protection Officer to oversee compliance with GDPR regulations.
GDPR aims to provide greater protection for privacy and personal data, and organizations are obliged to comply with these regulations to ensure an adequate level of protection for the personal data of their users and customers.
GDPR Workshop
7 Hours
This one-day course is for people looking for a brief outline of the GDPR – General Data Protection Regulations coming out May 25, 2018. This is ideal for managers, department heads, and employees who need to understand the basics of the GDPR.
How to Audit GDPR Compliance
14 Hours
This course is developed primarily for auditors and other administrative roles who are tasked with ensuring that their control systems and IT environment comply with prevailing laws and regulations. The course begins by giving an understanding of key GDPR concepts and of how the Regulation is going to affect the work performed by auditors. Participants will also explore data subjects' rights, data controllers' and processors' obligations, and enforcement and compliance notions in the context of the Regulation. The training will also cover the audit program provided by ISACA, which enables auditors to review GDPR governance and response mechanisms as well as supporting processes that can help manage the risk associated with noncompliance.
GDPR Advanced
21 Hours
This course is more in-depth and is intended for those who work a great deal with the GDPR and who may be appointed to the GDPR team. It is ideal for IT, human resources and marketing employees who will deal extensively with the GDPR.
Personal Data Protection Officer - Basic Level
21 Hours
Purpose of the Training
- Acquainting the audience with systematized, comprehensive issues of the functioning of personal data protection on the basis of Polish and European law
- Providing practical knowledge about the new rules for the processing of personal data
- Presentation of the areas of the greatest legal risks in connection with the entry into force of the GDPR
- Practical preparation for independent performance of the duties of a Personal Data Protection Officer
Personal Data Protection Officer - Advanced Level
14 Hours
Purpose of the Training
- Gaining practical knowledge on how to perform the tasks of the Inspector
- Gaining practical knowledge of how to audit and how to assess risk
- Providing practical knowledge about the new rules for the processing of personal data
WCAG 2.1. and Digital Accessibility
7 Hours
Objectives:
- Familiarization with the requirements of the WCAG 2.1 standard;
- Gaining knowledge about digital accessibility;
- Learning how to properly design accessible websites