‘A Practical Guide to Managing GDPR Subject Access Requests’ by Patrick O’Kane


Paperback: 978-1-913715-61-8
Published: December 2020
Read a FREE chapter online now

Purchase from ourselves by adding to cart below, or purchase with optional Prime delivery from Amazon, here.

SKU: B0175 SUBJECTACCESSREQUESTS Categories: , Tags: , , , ,


How should your company respond to requests from people who want to access their personal data?

GDPR gives individuals the right to access and seek a copy of all of the personal data your company holds on them. This may include access to emails, call recordings, CCTV footage and any other record containing their personal data.

A recent study showed that companies spend up to £1.58 million per year dealing with GDPR Data Subject Access Requests. The Information Commissioner’s Office receives more complaints on Access Requests than any other issue.

Access Requests are a legal minefield. If Access Requests are mishandled, they can leave companies open to fines, litigation and reputational damage.

This concise practical guide explains how to comply with Access Requests under GDPR including:

  • Recognising Access Requests
  • Understanding the rules and time limits
  • Finding the data
  • Redacting the data
  • Understanding the exceptions to Access Requests
  • Dealing with Access Requests from your own employees
  • Drafting a company policy on Access Requests
  • Training Staff on Access Requests

This book aims to put your company on the right side of GDPR Access Requests.


Patrick O’Kane is a Barrister. He is Head of Privacy at a Fortune 500 Company where he helped lead a major GDPR project across a group of more than 100 companies. Previously, he led the Privacy Team at a large group of insurance companies in London. Patrick is the author of the book ‘GDPR: Fix it Fast – How to Apply GDPR to your company in ten steps’. He has written on Privacy for numerous journals and magazines.

Patrick is Certified in EU and US Privacy Regulation and was made a Fellow of Information Privacy by the International Association of Privacy Professionals in 2020.


Chapter 1 – What is an Access Request?
Chapter 2 – Which Categories of Data Can a Person Access?
Chapter 3 – Access Requests: The Formalities
Chapter 4 – The Search
Chapter 5 – Third-Party Data
Chapter 6 – Templates for Responding to Access Requests
Chapter 7 – Training Staff on Access Requests
Chapter 8 – Access Request Policies and Procedures
Chapter 9 – Employee Access Requests
Chapter 10 – Further Rights Under GDPR
Chapter 11 – Exemptions
Chapter 12 – Frequently Asked Questions