Toggle menu

Case Type - Subject Access Requests

Configuration

The following settings should be reviewed as part of configuring an SAR case type.

User Groups

You'll need user groups to manage your case and carry out the tasks associated with it. The standard ones are as follows.

NameDescription
CM-SARThe users who will handle SAR cases. These users may also carry out the response and validate tasks
CM-TASKSThe users who will have the collect and investigate tasks assigned to them
CM-VALIDATEThe users who will carry out the "Validate Subject ID" task

Tasks

Four tasks are used by SAR cases.

TaskDescription
Validate Subject IDThis task formally records that the ID of the person raising the SAR has been confirmed. It includes options for contacting them. It could be set up to be generated automatically. It could be carried out by the case manager or a separate group
Collect InformationThis allows a single response and file upload
InvestigateThis allows ongoing updates to be passed back to the case
SAR ResponseThis formal response sends an email to the person who raised the case and allows any files uploaded as part of the case to be included as attachments

Emails

All of the emails listed in Emails and Notifications should be reviewed.

SLAs

The ICO has published guidance on the time limits for responding to requests https://ico.org.uk/your-data-matters/time-limits-for-responding-to-data-protection-rights-requests/ (opens new window). Your SLAs and reminders should be set up to reflect these limits.

Last modified on October 18, 2022

Share this page

Facebook icon Twitter icon email icon

Print

print icon