Subject Access Requests – what should you do?

It’s just part and parcel of modern life that a lot of organisations hold electronic data about us. Data can lurk in many places, whether in databases, accounting software, spreadsheets, electronic documents or emails. Many smaller organisations, whether charities or SMEs, have taken the approach that they are too worthy or too small for the Information Commissioner’s Office to be interested in them. Maybe you work or volunteer for one of these organisations?

We all know that our data is valuable and needs protecting. Many good organisations store data about people to help make their interactions easier…but there are always others who have other intentions…

Sometimes, smaller organisations don’t fully understand their legal responsibilities about how to handle requests (Subject Access Requests – or SARs) from members of the public. Bulk SAR requests have also hit some of our prospects, but that is only anecdotal. So what happens if you receive a request from someone asking what data you hold about them?

What could you do? What should you do?

You could do nothing. The law says you have 30 days to respond, and failure to handle SARs in time can lead to a fine from the ICO. Doing nothing is not an option, so what should you do?

First you have to check that the request for the data is legitimate. Are they really who they say they are, and do they have a right to know the information? How much information should you send?

When it comes to responding, you have to send that information securely to the individual. You can’t just email it. What if you send the email containing the information and it is intercepted by someone trying to find out sensitive personal details? There are big fines for releasing data insecurely! If you have not adequately prepared then you may find that you have to divert resources away from your main business.

This is where Compliance Compendium software can help. Our secure software guides you through a simple step-by-step process to handle all requests quickly, efficiently and in a legally compliant way, and allows you to show exactly what you have done should the Information Commissioner’s Office come knocking! Our software has a lot of other cool, useful features too.

And because we help the not-for-profit sector we have made it affordable for even the smallest organisations, and simple to use for people not used to handling information requests. We even offer a free 30-day trial to see if it’s for you. What could be easier?

So, don’t risk it … and don’t get caught out.  Get compliant, stay compliant, with Compliance Compendium!
