Home / Services / GDPR / Subject Access Requests
GDPR

Subject Access Requests SAR & FOI Management

Expert management of Subject Access Requests under UK GDPR and Freedom of Information requests under FOIA 2000. We handle the entire process — logging, searching, exemptions, redaction and compliant response within statutory timescales.

Get SAR Support 0333 3233 785
1 MonthSAR response deadline
20 DaysFOI response deadline
FreeSARs cannot be charged for
Art 15Right of access
Individual Rights

Managing Subject Access & FOI Requests

A workplace risk assessment is a systematic examination of your work activities, premises and processes to identify what could cause harm to people — and whether you're doing enough to prevent it. Under the Management of Health and Safety at Work Regulations 1999 (MHSWR), every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of their employees and anyone else who may be affected by their work activities.

If you have five or more employees, the significant findings of your risk assessment must be recorded in writing. But regardless of your size, risk assessment is the foundation of every health and safety management system — without it, you're managing safety blind.

RADCaT's qualified health and safety consultants carry out thorough, practical workplace risk assessments for businesses of every size and sector across the UK. We don't produce generic templates — we visit your premises, walk your processes, talk to your team and produce site-specific, task-specific assessments that genuinely reflect your operations and give you a clear, prioritised action plan for improvement.

Whether you need a general workplace risk assessment for your office, a task-specific assessment for high-risk activities in a factory, a site-wide review for a multi-building campus, or a pre-project risk assessment for a construction site — RADCaT delivers expert, HSE-compliant assessments tailored to your industry and your operations.

A late or incomplete SAR response is an automatic complaint to the ICO. In employment disputes, a poorly handled SAR can become evidence against you at tribunal. Professional SAR management from RADCaT protects your organisation.

Subject Access Requests from RADCaT
Types of Risk Assessment

SAR & FOI Services

Complete request management from receipt to response.

SAR Management

End-to-end Subject Access Request handling — logging, identity verification, scope clarification, system searches, exemption assessment, redaction and compliant response within one month.

FOI Management

Freedom of Information request handling for public authorities — logging, search, exemption assessment (qualified and absolute), public interest test and response within 20 working days.

Redaction Services

Expert redaction of third-party personal data, legally privileged material, safeguarding information and other exempt content from SAR and FOI disclosures.

Exemption Assessment

Assessment of applicable exemptions — third-party data, legal privilege, safeguarding, crime prevention, management forecasting, negotiations, exam scripts and regulatory functions.

Excessive Request Assessment

Assessment of whether requests are manifestly unfounded or excessive, justifying refusal or fee charging. Documentation of the reasoning for ICO if challenged.

Rights Training

Staff training on recognising and handling individual rights requests — SARs, erasure, rectification, portability, objection and restriction. GDPR training →

Every Industry

Risk Assessments for Your Sector

Every industry has different hazards. We tailor every assessment to your specific sector and operations.

Factories & Warehousing

Machinery, forklift, racking, noise

Transport & Logistics

Depot safety, loading bays, vehicles

Construction

CDM, excavations, heights, demolition

Schools & Education

Classrooms, labs, playgrounds, trips

Care & Healthcare

Patient handling, clinical, infection

Chemical

Process safety, COSHH, DSEAR

Hospitality

Kitchens, fire, slips, public safety

SMEs & Offices

DSE, fire, general workplace

Charities

Events, lone working, volunteers
Our Process

How We Carry Out a Risk Assessment

1

Receipt & Logging

We log the request, verify the requester's identity and clarify scope where needed — within the statutory timescale.

2

Search & Retrieval

We search all relevant systems — databases, email, paper records, cloud storage, CCTV, backups — for personal data matching the request.

3

Exemptions & Redaction

We assess applicable exemptions, redact third-party data and legally exempt material, and compile the disclosure bundle.

4

Quality Review

Every response is quality-checked for completeness, accuracy, appropriate redaction and compliance with Article 15 supplementary information requirements.

5

Response & Recording

Compliant response issued within the statutory timescale. Full documentation retained in your SAR/FOI register for accountability.

Related Services

Complete Your Compliance Puzzle

External DPO

Data Protection Officer

GDPR Audits

Compliance gap analysis

DPIAs

Privacy impact assessments

Policy Development

Privacy & data policies

Breach Response

72-hour notification support

Subject Access

SAR & FOI management

GDPR Training

Staff awareness courses

Schools DPO

Education sector specialist

Health & Safety

Workplace compliance

HR Services

Employment law support

On-Site Training

At your premises

Cybersecurity Training

Phishing & data security
Common Questions

Subject Access Requests FAQ

Can we charge for a SAR?

Generally no. SARs are free under UK GDPR. You may charge a reasonable fee or refuse only if the request is manifestly unfounded or excessive. The bar for this is very high. RADCaT advises on whether refusal or charging is justified in specific cases.

What is the deadline for responding?

SARs: one calendar month from receipt (can be extended by two months for complex requests with notification to the requester). FOIs: 20 working days. Missing these deadlines is a compliance failure that can trigger ICO investigation.

What if the SAR involves other people's data?

Third-party personal data must be redacted unless the third party consents or it is reasonable to disclose without consent. This requires careful assessment — particularly in school settings where pupil data, parent data and staff data often overlap in the same documents.

Do you handle SARs during employment disputes?

Yes. Employment-related SARs are often tactical — submitted during grievances, disciplinaries or pre-tribunal. They require careful handling to ensure compliance while protecting legally privileged material and management information. RADCaT has extensive experience with employment SARs.

What exemptions can we use?

Depends on the request type. SAR exemptions include third-party data, legal privilege, crime prevention, regulatory functions, management forecasting, negotiations and exam scripts. FOI exemptions include personal data, commercial interests, law enforcement and policy formulation. Each exemption has specific conditions.

Is SAR handling included in DPO services?

Yes. For RADCaT DPO clients, SAR and FOI management is included in the annual retainer. For non-DPO clients, we provide SAR handling as a standalone service.

How much does SAR management cost?

For DPO clients: included. Standalone: priced per request based on complexity. Volume packages for organisations receiving regular requests. Contact us for pricing.

Need SAR or FOI Support?

Get in touch for immediate support with a pending request or to discuss ongoing management.

Get SAR Support 0333 3233 785