GDPR Software

Help

GDPR SAR


This page is where you can obtain the code to add our forms to your website.  Click the button 'Include This Form On Your Website' which provides you with your code snippet and tells you how to authorise your code. You MUST authorise your website first, or the code will not work.

This GDPR Subject Access Requests page displays a list of all data subjects who have submitted a request.

When a request gets submitted we automatically create an entry in the Register called 'Requests for Data' which is where you manage these requests. We also create an action to ensure you don't miss the deadline of responding (within 30 calendar days) and remind you at 20 days after the request was made.  You can also monitor, track and close out your inbound requests in this Register..

Additional Information taken from the ICO's website, which may help you understand what you are required to do:

Personal data of the individual
An individual is only entitled to their own personal data, and not to information relating to other people (unless the information is also about them or they are acting on behalf of someone). Therefore, it is important that you establish whether the information requested falls within the definition of personal data. For further information about the definition of personal data please see our guidance on what is personal data.
 
Other information
In addition to a copy of their personal data, you also have to provide individuals with the following information:
 
  • the purposes of your processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient you disclose the personal data to;
  • your retention period for storing the personal data or, where this is not possible, your criteria for determining how long you will store it;
  • the existence of their right to request rectification, erasure or restriction or to object to such processing;
  • the right to lodge a complaint with the ICO or another supervisory authority;
  • information about the source of the data, where it was not obtained directly from the individual;
  • the existence of automated decision-making (including profiling); and
  • the safeguards you provide if you transfer personal data to a third country or international organisation.

You may be providing much of this information already in your privacy notice.