• Understanding the rights of individuals to access
  • How a request should be made
  • How to respond to a SAR
  • What falls within the law
    • How to conduct searches
    • Dealing with 3rd party data
  • Exceptions
  • Handling 3rd Party Requests
  • Preparing the formal reply
  • Guidance from Data Protection Commissioner (DPC) and article 29 working party
  • How to handle complaints
  • Determining whether a valid request has been made
  • Liaising with the applicant to clarify the request
  • Analysing whether particular manual (paper) records fall within the law
  • Setting parameters for the search for information and collating the results
  • Establishing whether the retrieved information is personal data
  • Dealing with third-party information
  • Applying for the relevant exemptions
  • Presenting the response to the applicant including how to redact documents
  • Managing dissatisfied recipients
  • How to deal with an investigation
  • Staff awareness and training


This course is suitable for Individuals, Company Secretaries, Directors, Compliance Officers, HR staff, Legal Advisors, IT Administrators or Managers and anyone with a responsibility for managing data or advising on data protection issues.

This is a comprehensive one-day course which will show you how to comply with the new EU GDPR Regulations and what will change from the existing legislation. The course will explain the new rules regarding the legal basis for processing, consent, privacy notices, control of personal data, mandatory breach reporting, complaints and penalties as well as practical guidance on what organisations can do to remain compliant.

  • Identify the Rights of a Data Subject
  • Enforced Subject Access under Irish DPA. What is it?
  • SAR complexities and best practices
  • What constitutes a SAR under the new EU GDPR
  • Recognise and process a valid SAR
  • Managing SAR complaints
  • Identify objections and exceptions when processing SARs
  • Dealing with Third Party information
  • Incorporate SARs into your operational ‘business as usual’ processes
  • Discuss ‘Right to be forgotten’ concept
  • Understand what ‘data portability’ is and how it applies to your organisation
  • Discuss the term ‘Profiling’ under the new Regulation



Your organisation will save time through efficient processing and response procedures and reduce the risk of non-compliance with legislation or customer complaints. Pitfalls resulting from non-compliance can also be avoided.

The course content will offer plenty of examples to assist in implementing a sound process to deal with a wide range of SARs.

By adopting best practices you develop a process for managing SARs which can be adopted into your organisation's daily operations.

If for any reason you need to cancel your place on the course, please ensure you are aware of our cancellation policy.