Subject Access Requests under GDPR
22 November 2023 10:20

In the UK, under the General Data Protection Regulation (GDPR), individuals have the right to a copy of the personal data that your organisation holds about them. This is referred to as ‘subject access’ and is frequently covered by a subject access request, or SAR. The ICO recently issued guidance on how SARs should be handled.

Applying ISO 27701:2019 helps organisations to demonstrate effective risk controls covering SARs and other requirements, via a tailored risk treatment plan relating to personal privacy. In the main, information security management systems based on ISO 27001:2022 cover overall information security and are supplemented, where required, by ISO 27701:2022 requirements.

Follow the ICO link for SAR compliance guidance.

Follow this link, ISO 27001 consultancy, for more on available support.