How to Log a Subject Access Request
There are a number of the Staff Intranet related to Subject Access Requests (SARs)
Cranstoun Group - SAR Policy Document
Subject Access Request DPO Assessment Form
Template Reply to Data Subject
However at the time of writing this document, these are under review due to the introduction of the Helpdesk they are being rewritten because the Helpdesk process should streamline some of the process.
The key stages of a Subject Access Request are:
1. Request received from Subject (or a third party), can be verbal, written or via email/social media.
2. Request logged formally with Data Protection Lead (DPL) (via Helpdesk).
3. Identification and Authorisation Confirmed and Approved.
4. Respond to the Subject confirming timescales, and request any clarification required.
5. Collate information required and redact as appropriate.
6. Content reviewed by Manager/Team Leader and redaction confirmed as appropriate.
7. Redaction sheet forwarded to DPL
8. Redaction approved
9. Documents released to Subject (or 3rd Party) - must generally occur with 1 calendar month from request.
The Policy and other documents will guide you through the full process.