This practical workshop looks at managing Subject Access Requests and what you need to consider to comply with legislation and uphold individuals' rights to access personal and sensitive information held about them. Delegates will work through case studies and gain the confidence to respond to requests.
“The right of individuals to access information that organisations hold on them is one that is vital for transparency, and is enshrined in law. What we’re seeing now is that many employers are misunderstanding the nature of subject access requests, or underestimating the importance of responding to requests. For example, employers may be unaware that requests can be submitted informally, such as over social media, or do not have to contain the words ‘subject access request’ in order to qualify as a legally binding request. Similarly, employers may not realise that there is a strict time frame for responding to requests, and this must be kept to.”
Elanor McCombe, Policy Group Manager at the Information Commissioner’s Office
In 2018 both the General Data Protection Regulation and a new Data Protection Act were introduced in the UK, requiring health and social care bodies, by the nature of their work, to respond to Subject Access Requests. There is, to a certain extent, relatively clear guidance in the legislation as to what this requires organisations to do. This course, however, facilitated by an experienced Information Governance & Health Records Manager, undertakes to highlight how to practically implement the requirements, introducing a practical approach to Subject Access Requests.
Within Health and Social Care (inc. third sector): Data Protection Officers, Deputy Data Protection Officers, Information Governance Professionals and Line Managers of any of the above should attend this masterclass.
In May 2023, the ICO published a new guide on responding to subject access requests.
Key Learning Objectives include understanding:
Background and Legal Basis
Definitions
Working with others in the organisation: Information Asset Owners, Health Records Manager, Data Protection Officer, Caldicott Guardian, Senior Information Risk Owner
How to Manage a Subject Access Request: Identifying a valid request, Excessive & Unfounded requests, Locating the information requested, Collating, Redacting & Disclosure, Exemptions
Requests from 3rd Parties: Solicitors, Insurance Companies, Police, Others, Requests from Staff
Complaints
Complex requests - Case studies
Information Commissioner's Office - Audits and Enforcement
FACILITATOR
Originally from Stoke on Trent, Barry trained to become a nurse in the RAF in 1972. In 2000 he became the Data Protection Officer at West Suffolk Hospital.
In 2003 he founded and has since chaired the Eastern Region IG Forum. The forum has around 200 members, with 45 out of 50 attending the meetings held in Cambridge.
Barry is the former chair of the NHS National Strategical Information Governance Network (SIGN) group (2015 – 2018).
Barry was the Head of IG and Health Records at 2 Acute Trusts in Suffolk & Essex from September 2017 to July 2018 on secondment to the local STP looking at information sharing and GDPR for Health & Social Care.
He is a keynote speaker at national conferences, with a down-to-earth, pragmatic approach to Data Protection/IG, as well as chair and speaker at the Excellence in Health Care Conferences (Oscar Krane).
In the summer of 2018 Barry left the NHS and became a Data Protection/Privacy Consultant and founded BJM IG Privacy Ltd & Associates, delivering training for HealthCare – UK, outsourced DPO services for Herts Valleys ICB, Private Health, 3 North London Hospices and local authorities, as well as delivering Caldicott Guardian training for GP Practices for NHS Wales. In 2019/20, Barry initiated conversations with the Apprenticeship Institute for a Data Protection Practitioner Apprenticeship, and on 30th March 2022 the Level 4 apprenticeship as Data Protection and Information Governance Practitioner was approved for delivery.
Two notable awards were given to Barry in 2020: the ICO Excellence in Data Protection 2020 and the IRMS Lifetime Achievement Award.
Barry regularly works in partnership with Tania Palmariellodiviney and her team at Data Privacy Simplified (DPS). Together, they are a powerhouse of experts, working on the common vision of improving Data Privacy & Cyber Security across the UK by helping organisations be fully compliant without sacrificing their core responsibilities and services within their organisation, while simultaneously increasing their credibility and reputation.