Subject Access Request (SAR) policy template

£ 20

JUMP TO...
Why this policy is necessary
The template A purchase is required to view
Specifications

Our Subject Access Request (SAR) Policy Template outlines procedures for handling data requests, ensuring compliance with data protection regulations and safeguarding individuals' privacy rights.

This policy has three parts: an 'overview' that explains what it's about, 'scope' which details who it applies to, and 'general principles' that list the main rules it follows.

Additional implementation support:

subject access request (sar) policy template

Why this policy is necessary

This Subject Access Request (SAR) policy template aims to offer you a versatile and customisable tool, serving as a solid foundation for your needs. Utilise it to ensure consistency, enhance accuracy, and save valuable time.

Adapt it to suit your unique requirements, ensuring efficiency and effectiveness in your HR processes.

Specifications

Reading time icon
Time to read / prep / use
5 mins
Document specs icon
Word count / length
463 words, 2 pages A4
Date last reviewed icon
Date last reviewed
1 December 2024

Subject Access Request (SAR)

Overview

This Subject Access Request (SAR) Policy outlines the procedures and guidelines for handling SARs received by [Company Name]. The policy is designed to ensure compliance with data protection laws, including the General Data Protection Regulation (GDPR), and to safeguard the rights of individuals regarding their personal data.

Scope

This policy applies to all employees, contractors, and agents of [Company Name] who may handle SARs on behalf of the organisation. It covers the process for receiving, assessing, and responding to SARs in a timely and efficient manner.

General Principles

Definitions

  • Subject Access Request (SAR): A request made by an individual to obtain access to the personal data held about them by [Company Name].

  • Data Controller: The organisation that determines the purposes and means of processing personal data.

  • Data Processor: An entity that processes personal data on behalf of the data controller.

Responsibilities

  • Data Protection Officer (DPO): The DPO is responsible for overseeing compliance with data protection laws, including the handling of SARs, and ensuring that appropriate procedures are in place.

  • HR Manager/Officer: The HR Manager/Officer is responsible for receiving, assessing, and responding to SARs received by the organisation.

  • Employees: All employees are responsible for promptly forwarding any SARs they receive to the HR Manager/Officer and cooperating with the SAR process as required.

SAR Procedure

  • Receipt of SAR: SARs may be submitted in writing or verbally. Employees who receive a SAR must promptly forward it to the HR Manager/Officer.

  • Verification of Identity: The HR Manager/Officer must verify the identity of the individual making the SAR to ensure that personal data is disclosed to the correct person.

  • Assessment and Response: The HR Manager/Officer will assess each SAR to determine whether it is valid and whether any exemptions or limitations apply. A response will be provided to the individual within one month of receipt, unless an extension is necessary.

  • Record-Keeping: Records of SARs received and actions taken in response must be maintained in accordance with data protection laws.

Training and Awareness

All employees involved in handling SARs will receive training on their responsibilities under this policy and data protection laws. Regular updates and refresher training will be provided as necessary to ensure ongoing compliance.

Review and Monitoring

This policy will be reviewed and updated regularly to reflect changes in data protection laws and organisational practices. Compliance with the policy will be monitored through regular audits and assessments.

Conclusion

This SAR Policy demonstrates [Company Name]'s commitment to protecting the privacy rights of individuals and ensuring compliance with data protection laws. By following the procedures outlined in this policy, we aim to handle SARs effectively and transparently while respecting individuals' rights regarding their personal data.

A purchase is required to view    Protected content: Make a Purchase to unlock.

A purchase is required to view    Protected content: Make a Purchase to unlock.

This policy [does not] form[s] part of your terms and conditions of employment.

Version: [1.0]

Issue date: [date]

Author: [name, job title]

Why choose our Subject Access Request (SAR) policy template?

Our content:

Is easy to edit and execute, with comprehensive implementation guidance.
Is designed by accredited, experienced HR practitioners.
Maintains your compliance with ACAS guidelines, legislation, and industry best practices.
Includes 12 months access to your purchase, with email alerts if updated or expanded.

I have just renewed our membership for another year for HRdocbox. It's an extremely useful resource with a wide variety of documents and knowledge...
★★★★★
- Rachel Masing, ETM Group

I have previously posted a review on their service, however thought I should add an update. I have just signed up with them again...
★★★★★
- Jamie Allan, Armstrong Craven

Excellent library of resources and templates which have made my job in my small business so much easier to manage HR for my employees...
★★★★★
- Emma Hunt

Great value and the site contains an extensive library of essential HR documents. I access the site probably once a week...
★★★★★
- Laura Alliss-Etty

HRDocBox is a great resource. It is incredibly good value, providing a large selection of HR guidance materials as well as...
★★★★★
- Emma Beauchamp