Skip to main content

Data Subject Access Requests and Data Breaches seminar - Cardiff

  • 30 January 2020
  • 09:00-10.30
  • Park Inn by Radisson, Mary Ann St, Cardiff, CF10 2JH
  • Entry: Free

Event materials

Submit your details to request event materials

An increase in Data Subject Access Requests from employees and media coverage of data breaches (including the recent New Year’s Honours data breach) has seen data protection increasingly influencing the HR agenda.

Data subject access requests can come from anyone, but probably the most common and problematic are in an employment context. A disgruntled employee may, for instance, make a request to gather evidence for a claim or to increase pressure with the hopes of securing an exit package - and the GDPR has expanded the information that employers must provide.

Dealing with data subject access requests can be a headache. In addition to coping with the sheer volume of documents such requests can produce, overstretched IT or HR personnel need to work with new concepts (for example what is “manifestly excessive”?), apply legal doctrines (such as the law relating to privilege) and deal with complex issues (such as how to treat the data of third parties).

The GDPR also has a new regime of mandatory reporting and notification for data breaches. This could be triggered by something as simple as an employee sending an email to the wrong address, requiring employers to consider whether a data loss or data breach triggers the threshold for notification to regulators and whether data subjects should be informed.

In this update, we’ll look at the new GDPR subject access regime, key points to consider when you receive a request, how to deal with some of these complex issues in practice and provide guidance on spotting and handling some of the more “routine” data breaches.

If you have any queries, or a colleague who would like to attend, please contact

Event speakers

bio image

Tom Ford

Managing Associate

I am a UK lawyer who advises on data protection matters from a risk and governance, workplace, and commercial perspective. Taking a ...

bio image

Sean Illing

Managing Associate

I work in two main areas: data, privacy & cyber, and employment law.

Related items

Related services

Data Subject Access Requests

17 November 2016

A practical look at some of the complexities faced by professional services firms in handling DSARs from clients, former clients, employees and partners.

Back To Top