This guide is to assist you in making a Subject Access Request. It describes the various ways a respondent can reject a SAR or tamper with the evidence.
1. Nothing in this presentation may be construed as Legal Advice.
Subject How to
achieve a
Access devastating
Request effect
www.dataprotectionofficer.com ||| info@dataprotectionofficer.com
SAR SAR can be requested here Evidence likely to be tampered with Evidence less likely to be tampered with
2. The truth about Subject Access
Request (SAR)
• When you make a SAR SAR
– Your request may not ask the right questions from the
right sources , therefore the information may be
– Tampered with
• The organisation may deny the existence of the information
required leaving your request less effective as an evidence.
• This guide will provide you information about the
depth of information that can be requested
capable of preventing tamper
• The request needs to get to areas of an
organisation that is more difficult to tamper with
SAR SAR can be requested here Evidence likely to be tampered with Evidence less likely to be tampered with
3. Overview of the process
Subject has With an official Notification of Decision and
An issue has arisen
a complain or department management documentation
Issue Official(s) Management Decision
SAR
SAR
Incident
communication
Act Officer(s) Management
Meeting
Department HR Documentation
Decision
Subject SAR
SAR SAR
Event
Allegation
Negligence
SAR SAR can be requested here Evidence likely to be tampered with Evidence less likely to be tampered with
4. Issue arises with
the subject
Subject
Incident
Meeting
Decision
Officer or subject
communicates
with the subject or
Email
Report
Meeting
Telephone
Management
Communication
Audit of the issue
is communicated
PC
Laptop
Witness
via the network
Network
Telephone
All electronic
traffic is logged
Servers
and tracked
Traffic logs
Server logs
Backup logs
Audit logs on all
computer systems
Audits
provide evidence
PC Audit
Web Audit
Email Audit
Target organisation layout
All decisions are
required to be
HR files
Records
documented
Decision &
documents
5. SAR points of impact
Mobile phone
Audit, logs & servers
SAR
SAR
Email server
Laptops
SAR
Issue
SAR SAR
SAR
Web logs
computers SAR
Telephone
SAR
SAR
SAR
SAR SAR can be requested here Witness
Evidence likely to be tampered with
Evidence less likely to be tampered with
6. The overall objective
• An in-depth request that is
The strategy • Make it difficult for the
harder to repudiate respondent to deny the
• Target areas that will reveal existence of the information
information that the • Request information from
respondent cant tamper areas that the respondent
with & that will reveal cant easily tamper
detrimental information
The SAR End result