The processes for applying a Subject Access Request (SAR) will change very little with the launch of the General Data Protection Regulation (GDPR), on 25th May 2018. However, the procedure for providing a reply is a little changed.
It is important for organizations and businesses to be conscious of these alterations, as if they don’t abide by GDPR they might be at the receiving side of a range of different actions, including heavy penalties.
What Must be Incorporated in a SAR Reply?
When a Subject Access Request is received by a business or company, they must provide a reply which gives the separate access to verification that their data is being handled, to the data itself and to additional data that is being kept.
If the appeal is made by electronic methods, the company is supposed to provide a reply through a normally used electronic arrangement.
What’s the New Reply Time for a SAR?
According to GDPR laws, when a SAR is received by a company, it requires abiding by the appeal within a month. If the appeal is complicated, this timeline can be increased to up to 3 months, however, an initial reply still has to be transmitted in the 1st month.
What other Modifications are taking place?
Among the main modifications to SAR processes, with the launch of GDPR, is that companies can’t charge to deliver the reply unless applications are unfounded, excessive or repetitive. Even when this is the situation, the price of the reply can only take into account the expenditure that is included in the administration of the appeal.
Even though the whole, SAR procedure isn’t going to alter a lot when GDPR becomes effective, the important differences we have found must be accepted by all data safety experts, and business proprietors.