Public Affairs Ireland | Training and Development | Conferences

Loading Events

« All Events

Managing and Responding to a Data Subject Access Request (DSAR)

July 29th @ 9:30 am - 4:00 pm


Full Course Details

Date: Monday, July 29th 2024
Time: 9.30am – 4.00pm
CPD: 5.5 CPD Hours
Method of Delivery: Online
Fee: €495

Course Overview

Individuals have the right to access and receive a copy of their own personal data. This is commonly referred to as a Data Subject Access Request or ‘DSAR’ and is a request made within an organisation.

Dealing with a Data Subject Access Request is important for several reasons, especially in the context of data protection and privacy regulations. It is also essential for legal compliance, protecting individual rights, building trust, managing risks and establishing internal accountability within an organisation.

SARs are a fundamental aspect of individuals’ rights to privacy and control over their personal information. Proper training ensures that employees understand the procedures and legal requirements associated with SARs, reducing the risk of non-compliance and potential legal consequences. Employees need to understand their roles in the SAR process, from recognising and validating requests to coordinating the retrieval and response for information.

Learning Outcomes/What is Covered?

Delegates will be given a detailed outline of the following areas:

How to manage and respond to a Subject Access Request:

  • GDPR – Key definitions and introduction to changes to DSARs
  • Data Access Request Regime under GDPR
  • Access Rights
  • Restrictions (GDPR)
  • Exceptions to Right of Access

How to create an efficient DSAR process:

  • Review of systems
  • Draft/amend processes
  • Draft/amend templates
  • Verification and log

Case study 

A recent case of the of 26 October 2023 from the European Court of Justice (ECJ) (C-307/22 – FT Copies du dossier medical) on the right of access to information under Article 15 of the GDPR is of general importance to anyone dealing with DSARs in that, the court decided that the purpose (or intention) of the data subject doesn’t have to relate to data protection. According to Recital 63, purposes related to data protection are those which enable the data subject “to be aware of, and verify, the lawfulness of the processing’. This case will be analysed during the training but it is important to note that generally the controller is not entitled to question the purpose, or relevance (of the information) to the data subject when responding to a DSAR. We will discuss situations where controllers may, in some circumstances refuse to (or partially) comply with DSARS.

Who should attend?

This training will benefit Data Protection Officers (DPOs), Legal and Compliance Teams, HR Professionals and all individuals responsible for maintaining and managing records within an organisation.

Tailored Training 

All of our open programmes can also be run on an in-house basis. For more information, see our page on In-House Training.

Multiple Delegate Discount

Limited Places Available – book early to avoid disappointment.

  • 3+ Delegates – 5% Discount
  • 5+ Delegates – 10% Discount
  • 10+ Delegates – 15% Discount

To avail of our multiple delegate discount for 3 or more delegates, you must email with the name and details of all those you wish to book. All those you wish to book on must be booked at the same time.

For 1 or 2 attendees, manually enter in the number of tickets you wish to purchase below.


The numbers below include tickets for this event already in your cart. Clicking "Get Tickets" will allow you to edit any existing attendee information as well as change ticket quantities.
Managing and Responding to a Data Subject Access Request (DSAR)


July 29th
9:30 am - 4:00 pm
Event Category:
Event Tags:
, ,


01 877 3910