Four practical tips for complying with a Data Subject Access Request

Subject Access Requests (SARs) are becoming more common. Individuals are now better aware of their right to request personal data and will exercise that right more readily, whether out of concern for their own privacy or as a means of seeking an edge in litigation. If you want to know more about how to deal with SARs, take a look at our practical tips below:

1. Manage the time

Diarise the time limit for compliance with the SAR (currently 40 days), and keep your resourcing under review as the project progresses. It can also help to diarise earlier milestones – for example, target dates for completing the review of different “tranches” of documents and target dates for completing different stages of the Electronic Discovery Reference Model (download our white paper for more information on the EDRM).

2. Improve your organisation’s information governance

As you work through the EDRM, try and identify ways to improve your organisation’s information governance for future cases (find guidance on how to do so in our white paper).

3. Keep a record of the documents you disclose

 Included should be (if applicable) a detailed methodology setting out what search terms you used, how you filtered data and what redactions you applied. (An eDiscovery platform can save and reproduce these records quite easily.) This can be useful if the individual raises a challenge in the future.

4. Speak to an expert

If necessary, seek specialist advice from an eDiscovery service provider or lawyer (or both).

This blog is an excerpt from our latest white paper ‘Subject Access Requests: how to ensure compliance and save costs’. Click here to download the full white paper for more practical guidance on how to manage SARs.

February 22nd, 2017|