Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

SAR

  Quote
Guest
Guest user Created:   Sep 29, 2020 Last commented:   Sep 30, 2020

SAR

Hi, can I please have some advice on SAR regarding an employee and a grievance?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Sep 30, 2020

Employees, like other data subjects, have the right to access their personal data. When you receive a SAR (Subject Access Request) you need to reply without undue delay (usually one month) and you can extend such a period to another month for complex requests.

You need to give access to the employee to data stored excluded for documents subjects to legal privilege (i.e. legal advice on the employee), data concerning third parties, disproportionate request.

You should also inform the employee about the categories and the purposes of data processing, how data have been processed, the legal ground of processing, the source of data (if data were not communicated by the employee), data retention periods, other data subjects rights, if data had been transferred to third parties, security measures if any automated processing method applies. Usually, all this information is included in the employee privacy policy.

Please consider that if the SAR is too generic you can ask for clarification to the employee, if the employee is not legitimate to access, you can reply with a denial, but do not ignore the request otherwise the employee can lodge a complaint to the Data Protection Authority of your country.

Here you can find more information:

If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 29, 2020

Sep 30, 2020

Suggested Topics

Guest user Created:   Apr 05, 2021 EU GDPR
Replies: 1
0 0

È necessario il DPO?

Guest user Created:   Mar 10, 2021 EU GDPR
Replies: 3
0 0

Is explicit consent request necessary?

Guest user Created:   Apr 06, 2020 EU GDPR
Replies: 1
0 0

SAR REQUEST UNDER GDPR