0203 3013384
CONTACT

SAR Processing Audit Services

BOOK A CALL
_0000_2560px-Macmillan_Cancer_Support_logo.svg
_0012_rhodes
_0018_Boxpark_LOGO
_0010_reigate_and_banstead_borough_council
_0013_SWAST
_0015_RDUH
_0014_Bristol-Airport-logo
_0003_Exeter Chiefs
_0001_Maidstone Borough Council
_0002_Birmingham Airport
plymouth city council logo
solihull metropolitan borough council logo
accelerant logo
Royal-Devon-logo_colour_Right-Aligned
dorset council logo
dreams logo
catalyst logo

Ensure Compliance
reduce risk

SAR PROCESSING AUDIT

DPAS offers a dedicated SAR Processing Audit designed to give your organisation a comprehensive, independent assessment of its SAR handling function. Our audit goes beyond compliance checks, we assess policies, SAR redaction practices, tools, workflows, staff training and awareness, and we provide a prioritised roadmap of remedial actions. This streamlined service targets core areas of your subject access request framework to swiftly identify risks and highlight practical opportunities for improvement. 

The outcome is a thorough, actionable report that not only strengthens compliance but also supports in enhancing efficiency, reducing costs, and improving customer and employee trust.

Ready to learn more?

book a meeting

BOOK A MEETING
MAKE AN ENQUIRY
What's Included
CASE STUDIES
Meet the Team
Book a meeting

SAR PROCESSING AUDIT SERVICES

WHAT'S INCLUDED

The SAR Processing Audit is designed to analyse your entire SAR handling process, from receiving the request, to returning data to the requestor. Our specifically designed audit analyses every step of the process, identifying inefficiencies, and opportunities to improve processing, alongside ensuring regulatory compliance throughout.

Areas for assessment include:

  • Governance and accountability in SAR handling.
  • Policies and procedures for SAR intake, triage, and completion.
  • Redaction practices to safeguard third-party data.
  • Appropriate use of exemptions.
  • Use of technology and tools (case management, redaction software, tracking).
  • Timescales and escalations, including extensions and refusal.
  • Efficiency and resourcing, identifying bottlenecks and duplication in your process.
  • Training & awareness of staff in relation to SAR handling.

This initial stage is for us to introduce key contacts, and for DPAS to provide you with key information in relation to the audit process, and our requirements. This is an ideal time for you to clarify any particular concerns, and for us to establish timelines. DPAS prides itself on building lasting relationships, and this initial alignment is key to a successful partnership.

DPAS will review all relevant documentation and start to form an initial understanding of your organisation’s standards. DPAS will provide your organisation with a list of desired documents – if you can provide all of these then great, however, we understand that every organisation is different and you may have alternatives, this differing approach is considered within our criteria. 

DPAS will engage with the stakeholders you identified earlier on, using a variety of techniques to assist individuals in providing us with relevant information. The stakeholders are not all required to be request handling staff – we are looking for an honest representation of what happens day to day, so a wide variety of individuals is extremely beneficial. 

DPAS will compile all of the information and analyse the evidence. This information will be used to assess your organisation against our audit criteria. Your organisation will be awarded a compliance score, so you can easily identify where your organisation is performing well, or perhaps requires improvement.

DPAS will compile all of our findings into a comprehensive report. The report will detail our observations, and highlight areas for improvement and where your risks are currently more prevalent.

Alongside the report, DPAS will provide your organisation with a comprehensive action plan that pragmatically manages the identified risks, inefficiencies, and areas for improvement.

We don’t stop at recommendations. We work with you to design and implement a remediation plan. This includes guidance from our SAR team, to help you implement change confidently. DPAS can also provide further support with remedial work if necessary.

CASE STUDY

SAR AUDIT SERVICES

ROYAL DEVON UNIVERSITY HEALTHCARE approached DPAS, seeking  additional support to improve resource capabilities to address the backlog of SARs.

DPAS was able to support the team by providing training for Subject Access Requests (SARs), offering redaction services for complex SARs, and providing an onsite Data Protection Manager (DPM).

"

On top of an already demanding workload, we had a new system integration, a merger to form a new Trust, and the impact of Covid to deal with. DPAS really helped to take the pressure off by helping with complex SARs and DPIAs.

Having no idea how many SARs you may receive, having the ability to flex by using additional resources can be quite useful. Knowing I can rely on Charlotte’s support with DPIAs and data sharing agreements really takes the pressure off. It is really helpful, having someone that can take the time out to review requests.” – Rhiannon Platt – Information Governance Manager.

rhiannon platt

royal devon university healthcare

Meet Our sars Team

zack bellekom

subject access requests manager

jemma jones

senior subject access requests officer

bethany meredith

subject access requests officer

sophie costain

subject access requests officer

"FANTASTIC SERVICE, DELIVERED BY A GREAT TEAM WHICH HAS MADE A HIGHLY COMPLEX PROJECT EASY TO DIGEST"

We decided to use DPAS because we felt they were a good fit for the BOXPARK brand, being a boutique data protection advisory company. Since the commencement of the project, we have received fantastic service delivered by a great team - making a highly complex project easy to digest. They hit every deadline and continue to provide us easy-to-understand data protection advice and support.
Matthew CarterBOXPARK
Matthew Carter
"I WAS EXTREMELY RELIEVED TO FIND THE FRIENDLY TEAM AND EXCELLENT SERVICE AT DPAS"

They went out of their way to support me in a short timeframe, not only to fulfil my data privacy criteria - which included more complex special category data processing - but also with trusted legal support, which - being all under one DPAS roof - was easier to access and significantly more time and cost effective.
Kate Shepperd-CohenMENSTRUAL SUPPORT SERVICE
Kate Shepperd-Cohen
"THOROUGH, EFFICIENT, AND REMARKABLY UNOBTRUSIVE FROM AN OPERATIONS PERSPECTIVE"

We enlisted DPAS to help with our journey to GDPR compliance, as we didn't have the resources and skills within our team. DPAS' approach was thorough, efficient and remarkably unobtrusive from an operations perspective. Post completion of the project, we had a clearer idea of the risks and issues that attend GDPR compliance directly, and could tidy up in-house data processing to ensure we are more efficient as a business.
Giles Squirrel TEIGNMOUTH MARITIME SERVICES
Giles Squirrel
"DPAS REALLY HELPED TO TAKE THE PRESSURE OFF BY HELPING WITH COMPLEX SARS, AND DPIAS"

On top of an already demanding workload, we had a new system integration, a merger to form a new Trust, and the impact of COVID to deal with. DPAS really helped to take the pressure off by assisting with complex SARs, and DPIAs. With no idea how many SARs you may receive, having the ability to flex by using additional resources can be quite useful. Knowing I can rely on Charlotte's support with DPIAs and data sharing agreements really takes the pressure off. It's really helpful having someone that can take the time out to review requests.
Rhiannon PlattROYAL DEVON UNIVERSITY HEALTHCARE
Rhiannon Platt
"LEGAL SUPPORT, WITH AN ETHICAL AND PRAGMATIC TWIST"

Bristol Airport have worked closely with DPAS for several years, and they have been instrumental in providing their services, helping us to deliver transformative projects across our airport.
Kate Maddock-Jones BRISTOL AIRPORT
Kate Maddock-Jones
"EVERY ONE OF THE TEAM IS KNOWLEDGEABLE AND EXTREMELY COMPETENT"

DPAS have been hugely helpful in recent years, in ensuring that SWAST are doing our best and continuing to comply with information governance best practice and compliance. From our experience, every one of the team is knowledgeable and extremely competent. We have benefited from a range of services from DPAS and specifically with them acting as our Data Protection Officer. They have offered training and advice, and added to our Information Governance capacity, which was welcome and much needed.
Tim BishopSWAST
Tim Bishop
"DPAS IMPRESSED US WITH THE BREADTH AND DEPTH OF THE SERVICES THEY OFFERED"

We were looking for an independent review and audit of our data processing activities and policies across the Rhodes Trust and our partner programmes. When we went to the market, DPAS impressed us with the breadth and depth of the services they offered. We are a relatively complex organisation, but the DPAS team quickly understood how our work fits together, and throughout the audit process, I’ve appreciated the expertise of each member of the team that we’ve worked with. Their advice throughout has been reassuringly thorough, pragmatic, and tailored to our needs.
Matthew TreavisRHODES TRUST
Matthew Treavis
"WE ARE VERY HAPPY WITH THE HIGH STANDARDS OF SERVICE RECEIVED "

The University of Exeter Students’ Guild were keen to ensure we were delivering our GDPR commitment on time and on track. We therefore needed a qualified Data Protection Officer to monitor our progress, provide assurance that we were on the road to compliance, and maintain the role going forward. We sourced DPAS as they were local and have 20 years of data protection experience. We are very happy with the high standards of service received, and the training provided was not only delivered professionally, but completely tailored to our business type. I highly recommend Data Privacy Advisory if you have GDPR worries or you are considering having a Data Protection Officer look after your organisation.
Mark JohnsonUNIVERSITY OF EXETER STUDENTS GUILD
Mark Johnson
"A GREAT, RELIABLE SERVICE WHEN WE NEED IT MOST "

DPAS provides us with excellent, responsive advice when we need to supplement our in-house resource – a great, reliable service when we need it most.
Carys JonesRBBC
Carys Jones
"I WOULDN'T HESITATE USING THE TEAM AT DPAS AGAIN "

When faced with a complex Subject Access Request, we went out to the market to look for a provider that had the knowledge and experience to complete the data conversion and redaction on our behalf. We were impressed with the team at DPAS from the offset and entrusted them to deliver the required redacted documents within the legal timeframes. We found the team responsive and also accommodating when we needed tweaks to how the final information was presented – I wouldn’t hesitate using the team at DPAS again.
Tariq OzaibiHead of Supporter Care & Compliance
Tariq Ozaibi

WE WORK WITH FTSE 100s Multi-National Organisations Schools Universities Councils Local Governments Agencies NHS Trusts GP Practices Retailers Charities Multi-Academy Trusts Housing Associations Ambulance Services Insurance Companies Sporting Associations Airports Retail Companies Hospitality Businesses

BOOK A CALL

Want to Find out more?

get in touch for a quote