
Subject Access Requests

© Distributed by Resilify.io under a Creative Commons Share Alike License.
Document Information
Version Control
Owner Version Edited By Date Change History
User 1 Resilify.io DD/MMM/YYYY First Draft

Distribution
Held By Format Location Comments
User Digital / Physical

Status
X Status Approved By Date
X Draft DD/MM/YYYY
Final Draft
Published
Withdrawn

Classification
X Confidential
Restricted
Unclassified

Relevance to Standard

Standard Clause Title

Data Protection Act 2018 NA NA

License

Licensed by Assent Risk Management via Resilify.io Under a Creative Commons Share Alike License.

Contents

Document Information
Contents
Policy Content
Introduction
Receiving a Request
Acknowledging a Request
Searching for PII
Third Party Data within the Data You Find
Response
Data Destruction

Policy Content
More information on the right to access is available at the ICO Website.

Introduction
Any written request for personal information, whether by a customer for their
information or by a member of staff, should be processed in accordance with data
protection legislation.

This document is designed to help you through the process.

Receiving a Request
The General Data Protection Regulations require responses to data subject access
requests within 28 days.

This time begins on receipt of the request.

Data Subject Access Requests should be passed to the Data Protection Officer
(DPO) or the person responsible for Data Protection as soon as possible.

Acknowledging a Request
The person responsible for Data Protection will evaluate whether there is enough
information to fulfil the access request, including:

• Can the data subject be identified?
• Is it the data subject making the request?
• Does the requester have the legal right?

If more information is required, this will be requested in writing. Regardless, all
requests will be acknowledged in writing.

Searching for PII
All systems will be searched for the data subject’s information.

• [ Insert list of Systems ]
• [ Insert Data Register ]

Search through all systems for information.

Then go through all the documents to extract the personal information to be
disclosed, including expressions of opinion.

DO NOT provide the whole document, but only the relevant data within those
documents.

Third Party Data within the Data You Find

Any data about someone other than the data subject is considered third-party data.

If third-party data cannot be deleted from the data without destroying the data itself,
consent from the third party will be obtained.

Response
The Response to the Data Subject Access Request will include:
• What is being disclosed.
• How the organisation came to hold that data.
• All data that is possible to disclose under the legislation.
• The option to review with the company if the data subject believes not all data has been disclosed.
• A reminder that the data subject may contact the ICO.

Data Destruction
If the data subject requests the deletion of their data, the organisation’s data
destruction procedure will be followed.

There may be a legal basis to retain some personal information even where the data
subject has asked for it to be deleted.
