Presented by

The finer points of GDPR Data Subject Access Requests

How to deal with them and issues that arise.

Find out more

  • Format: Bespoke training
  • CPD: 1 hours for your records (depending on your requirements)
  • Certificate of completion


This session provides expert advice and commentary on the pitfalls and perils of responding to a GDPR Data Subject Access Request (DSAR). Most people dealings with current DSARs only have a rudimentary understanding of what they are supposed to be doing. This live training event goes through from start to finish how to cope, what to do and what to watch out for.

The EU General Data Protection Regulation (GDPR) was a major new piece of legislation which came into force across the EU on 25 May 2018, providing a single data protection law for the whole EU. The UK has its own equivalent now in force even before the end of the Brexit withdrawal agreement at the end of 2020. 

One major requirement for any business covered by the GDPR is the need to respond to a data subject access request. The maximum penalties for getting it wrong are the greater of 4% of annual global group turnover of an organisation or 20 million Euros, depending on the severity of the breach. More importantly, there are reputational issues at stake and issues of customer trust.

Mark Weston is a leading expert on GDPR having carried out and supervised over 80 GDPR audits and provided advice to organisations of all types and all sizes. He has been GCHQ accredited.

One key benefit of the session is, time permitting, the ability to ask him particular issues that may affect you and your business.

Benefits of this programme

During this course you will:

  • Learn about the things people most get wrong about DSARs
  • Understand how it affects your business – root and branch
  • Get-to-grips with some of nuances of the law and practice
  • Consider how the DSAR processes should apply to you and the business you work for
  • Get up-to-date with an in-depth knowledge of the latest issues and the ICOs consultation about DSARS
  • Understand the pitfalls – and how to avoid them

Who is this programme for?

This programme has been specifically designed for those who deal with personal data in any way or more widely are in business in any way – DSARS apply to them all!

  • In-house lawyers
  • Private practice lawyers
  • Compliance officers
  • Company secretaries
  • Board members
  • Management of any sort
  • HR professionals
  • Marketing professionals
  • Anyone who uses or possesses personal data

Topics covered:

  • The basics
  • What is a DSAR?
  • The identity of the DSAR maker
  • Issues around time limits
  • Ensuring the DSAR is sufficiently clear
  • Charging for the response
  • What is it that needs to be disclosed?
  • Communicating the information
  • Dealing with post-disclosure issues
  • Dealing with post-disclosure problems
  • Main issues that arise in practice
  • The ICO and DSARs
  • Questions

Mark Weston

Mark Weston is a Partner at Hill Dickinson LLP where he is Head of Information Technology, Intellectual Property and Commercial. His practice covers all areas of commercial law and he has a wealth of industry experience having worked in-house at Hewlett Packard. He regularly appears on BBC1 and Sky News as a legal commentator.

More details

We don't have any currently scheduled dates for this course but we can customise it to your requirements and deliver it on an in-house basis for any number of your staff or colleagues.

See below or contact us to discuss yor requirements.

Multiple colleagues?
Talk to one of our training experts to discuss how to:

Run this course conveniently and cost-effectively in-house for your staff and colleagues

Aleksandra BEER
Training expert

+44 (0)20 7749 4749