A Subject Access Request (SAR), also known as the right of access, gives individuals the right to obtain a copy of all the personal data your business holds on them.  This personal data can include various identifiers, such as:

  • Name
  • Identification number
  • Location Data
  • As well as an online identifier

A Subject Access Request can be made verbally, in writing or via social media, and a business has one month to deal with the request.  The request can be made to any employee, therefore it is a good idea to ensure those customer facing staff at least, have some training.

Individuals have the right to obtain information such as:

  • Confirmation that your business is processing their personal data
  • A copy of their personal data
  • Why you’re processing it
  • The retention period for storing their information
  • Information on the source of the data
  • The safeguards you provide if you transfer their personal data.

You can also find further and more detailed reading on the Information Commissioner’s Office website.

Subject Access Requests and Document Management

Documentation may account for a large portion of the information you hold on an individual, whether that be their CV, contract, training records or disciplinary meeting notes.  How easily would your business cope with a request for all this information?  Would you need to search across your server, other software, paper files or even people desks?

Document management software can keep confidential information in a secure, central location.  A simple text search for the individual who has made the access request can be carried out, with results brought back in seconds.  These documents can then be downloaded by a user with download rights, and presented to the individual who made the request.

Document management software can also put retention policies in place, to comply with GDPR and other legal requirements.  An individual may also want to know how long your business is legally allowed to keep their data, so with retention rules in place, you could easily show this. Access can be restricted to authorised users only, with a full audit trail of who has accessed what document went, as well as any changes that could have been made.

Get in touch with DocTech to discuss any requirements you may have.