Author: Martin Kayes, CISSP

‘GDPR Subject Access Request’, ‘GDPR SAR’ and ‘GDPR Consultant’ are trading styles of Cobalt ICT Limited. Cobalt ICT Limited is a small business run by our founder, Martin Kayes, which specialises in data privacy, GDPR, Cyber Essentials and cyber security. Martin is a highly experienced consultant, with over 25 years in the cyber security industry. He provides GDPR services and training for multiple businesses throughout the UK, holds the industry-leading qualification ‘Certified Information Systems Security Professional’ (CISSP) and is also a trained Cyber Essentials Assessor. Working in cyber security led to Martin’s work growing to include investigating fraud,…

It can be tricky to work out the exact costs of carrying out GDPR consultancy work, so to simplify the process we have created some simple pricing blocks. There are two sections below: one section for Businesses, priced excluding VAT, and one section for Individuals, priced including VAT. Debit and credit card payments are processed securely by Stripe, and an option to pay by bank transfer (BACS) is available upon request.

For Business:

1. Ask us a question: Equivalent to 30 minutes of consultancy, this is often enough to answer any quick questions that your business may have.
2. SAR help…

Yes, data can be processed internationally under the UK GDPR (General Data Protection Regulation). Under the UK GDPR, international data transfers are permitted, but they must meet certain conditions to ensure that the transferred data remains protected to a level equivalent to that provided under UK data protection law. These conditions include:

We can work with you to put the safeguards in place if your organisation has to share data with a data processor not in a country covered by an Adequacy Decision.

It’s important for organisations to assess the legal requirements and implications of international data transfers under the…

‘GDPR Subject Access Request’, ‘GDPR SAR’ and ‘GDPR Consultant’ are trading styles of Cobalt ICT Limited. Customers can email us via this contact form, and we will aim to respond in less than four business hours, or you can write to us at:

Cobalt ICT Limited,
White Collar Factory
1 Old Street Yard
London
EC1Y 8AF

When a company receives a GDPR subject access request (SAR), they are legally obligated to respond promptly and appropriately to ensure compliance with data protection laws. Here is a guide on how companies should respond to a GDPR subject access request:

1. **Acknowledge Receipt of the Request**: Upon receiving a SAR, acknowledge receipt promptly, ideally within a week. This acknowledgment can be a simple confirmation email to the individual making the request, acknowledging that their request has been received and is being processed.
2. **Verify the Identity of the Requestor**: Before disclosing any personal data, it is essential to verify…

Under the General Data Protection Regulation (GDPR), there are circumstances where a company may refuse to comply with a subject access request (SAR) from an individual. However, such refusals must be justified and comply with the provisions outlined in the GDPR. Here are some circumstances under which a company may refuse a GDPR subject access request:

1. **Excessive or Unfounded Requests**: If a request is manifestly excessive, particularly if it is repetitive, the company may refuse to act on the request. Similarly, if a request is unfounded or frivolous, the company may refuse to respond. However, the company must be…

In general, UK police forces are subject to the General Data Protection Regulation (GDPR) and must comply with individuals’ rights, including the right to make a subject access request (SAR). However, there are certain exemptions and limitations to consider when it comes to law enforcement data. Under the GDPR, member states have the discretion to introduce additional rules and safeguards concerning the processing of personal data for law enforcement purposes. In the UK, this is addressed in the Data Protection Act 2018 (DPA 2018), which supplements the GDPR and includes provisions specific to law enforcement data processing. Here are some…

In May 2018 GDPR was adapted into UK law and is officially known as the UK GDPR; it sits alongside the Data Protection Act 2018. Although they are different, many people use these names interchangeably. The UK General Data Protection Regulation (UK GDPR) is the United Kingdom’s adaptation of the GDPR, which governs data protection and privacy for individuals within the European Union (EU) and the European Economic Area (EEA). The UK GDPR came into effect on May 25, 2018. The UK GDPR exists to protect the fundamental rights and privacy of individuals. It achieves this by placing strict…

An individual’s rights under the GDPR and UK GDPR only apply if that individual is resident in the UK or EU. If the company or organisation that you are dealing with is a Data Controller established in the UK or EU and they are processing personal data, they will have to comply with the GDPR and as such, they may be open to approach about any concerns you have. Strictly speaking, the Data Subject (you) would need to be residing in the UK or EU to benefit from the rights over personal data use that the GDPR gives to individuals.…

If a company has not responded to your GDPR subject access request (SAR) within the required timeframe, there are several steps you can take to prompt a response and ensure your rights are upheld:

1. **Follow Up**: If the initial 30-day response period has passed, we recommend sending a follow-up communication to the company, reminding them of your SAR and requesting an update on the status of your request. Include details such as the date you submitted the SAR and any reference numbers provided by the company.
2. **Escalate Your Concerns**: If the company still does not respond or provide…
