Case Type - Subject Access Requests
Configuration
The following settings should be reviewed as part of configuring an SAR case type.
User Groups
You'll need user groups to manage your case and carry out the tasks associated with it. The standard ones are as follows.
| Name | Description |
|---|---|
| CM-SAR | The users who will handle SAR cases. These users may also carry out the response and validate tasks |
| CM-TASKS | The users who will have the collect and investigate tasks assigned to them |
| CM-VALIDATE | The users who will carry out the "Validate Subject ID" task |
Tasks
Four tasks are used by SAR cases.
| Task | Description |
|---|---|
| Validate Subject ID | This task formally records that the ID of the person raising the SAR has been confirmed. It includes options for contacting them. It could be set up to be generated automatically. It could be carried out by the case manager or a separate group |
| Collect Information | This allows a single response and file upload |
| Investigate | This allows ongoing updates to be passed back to the case |
| SAR Response | This formal response sends an email to the person who raised the case and allows any files uploaded as part of the case to be included as attachments |
Emails
All of the emails listed in Emails and Notifications should be reviewed.
SLAs
The ICO has published guidance on the time limits for responding to requests https://ico.org.uk/your-data-matters/time-limits-for-responding-to-data-protection-rights-requests/ (opens new window). Your SLAs and reminders should be set up to reflect these limits.
Last modified on October 18, 2022
Share this page
