Expert advice on SAR deadlines, redaction, compliance and data protection — written by our specialist team.
Everything UK organisations need to know about professional SAR services — from core components and outsourcing benefits through to provider selection and ongoing compliance. The foundation article for our full SAR content series.
Read the complete guide →When a Subject Access Request arrives, the compliance clock starts immediately. For UK organisations without specialist support, mishandling a SAR can mean ICO enforcement and financial penalties. Here is how professional support transforms the process.
Read the guide →An employee has submitted a Subject Access Request. The 30-day clock is running. This step-by-step guide covers exactly what you need to collect, review, redact and disclose — and the mistakes that most HR teams make under pressure.
Read the guide →Not everything in a SAR must be disclosed. UK GDPR and the Data Protection Act 2018 permit — and sometimes require — certain content to be withheld. Here's a complete breakdown of what can be redacted, and the legal basis for each category.
Read the guide →Many organisations confuse Subject Access Requests with Freedom of Information requests — but they operate under entirely different legal frameworks, with different deadlines, exemptions and obligations. This guide explains both, clearly.
Read the guide →Handling SARs in-house works fine — until it doesn't. Large mailbox exports, tight deadlines, sensitive third-party content and stretched internal teams are all signs it's time to bring in specialists. Here's how to know when you've reached that point.
Read the guide →Missing the deadline, over-disclosing third-party data, under-redacting sensitive content or failing to respond at all — each carries real consequences. From ICO fines to employment tribunal exposure, this guide covers what's actually at stake.
Read the guide →A Subject Access Request from a former employee carries all the same legal weight as one from a current member of staff — and often a great deal more complexity. Here is what you are required to provide, what you can withhold, and how to avoid the mistakes that make a difficult situation worse.
Read the guide →UK GDPR permits a SAR deadline extension in certain circumstances — but the bar is higher than many organisations assume, and the procedural requirements are strict. Here is when you can extend, exactly what you must do, and what happens if you get it wrong.
Read the guide →A Subject Access Request arriving under a solicitor's letterhead raises the stakes immediately. Your legal obligations are unchanged — but the context matters, and how you handle this request could have consequences well beyond data protection compliance.
Read the guide →Healthcare organisations handle some of the most sensitive personal data in existence. When a patient submits a Subject Access Request, the obligations are the same as in any other sector — but the complexity, the data volume and the potential consequences of getting it wrong are frequently much higher.
Read the guide →