A SAR is a request from an individual, or a representative such as a solicitor, for access to information held about them. Patients, or their representatives, may make a SAR to ask for information such as their medical records, or dates of consultations and treatment. Under the GDPR practices have to comply with SARs in almost all cases and this new guidance is designed to help those tasked with responding to comply with the rules.
The new advice sheet Subject Access Requests from Solicitors and Insurance Companies under the GDPR explains the legal duties for practices and sets out responses to the most common types of question we have received so far such as: the difference between SARs and requests under AMRA; requests from insurance companies; and practical issues such as electronic records and encryption.
Download Subject Access Requests from Solicitors and Insurance Companies under the GDPR (pdf).