What is a Subject Access Request (SAR)? Why do I need to track it?

A Subject Access Request (SAR) is a right provided by the General Data Protection Regulation (GDPR). It enables citizens to demand access to the personal data that organizations hold about them.

A SAR is a formal request made by the data subject (an individual) to the data controller (an organization) to:

  • Ask whether their data is being processed
  • Have a copy of that personal data forwarded to them
  • Inquire about further usage of their data

A SAR can be made orally or in writing, including through social media. It can also be made to the Commission by any third party on behalf of the affected person. Within one month they must file their response to the company.

Why tracking SARs is essential:

  • Legal compliance: SARs must be tracked to maintain compliance with the GDPR requirements. Noncompliance, up to and including nonresponse, attracts severe penalties accompanied by legal consequences.
  • Time management: Because of the one-month response deadline, tracking helps keep tabs on responses and avoid cases where a response is overlooked.
  • Quality control: Dedicated tracking enables the organization to handle requests consistently and improves the quality of the information given.
  • Resource allocation: Measuring the number and type of SARs enables organizations to decide how to properly address the requests.
  • Process improvement: It helps organizations understand which kinds of requests are submitted most often, so they can manage the flow of data in the organization more efficiently.
  • Auditability: SARs and responses should be documented to show that the organization is aware of the requirements and can demonstrate that it meets them if audited.
  • Data subject trust: Proper management of SARs fosters trust among people, since it shows that their rights to data are valued.
  • Risk management: Tracking is useful for detecting data problems or data breaches that show up as patterns in access requests.
