DATA SUBJECT ACCESS REQUEST PROCEDURE

This Data Subject Access Request Procedure is effective from [INSERT THE DATE ON WHICH AGREEMENT COMES INTO FORCE] and applies to all employees and individuals requesting data access from the [INSERT THE NAME OF THE COMPANY] (hereinafter referred to as “Us” or “we” or “our” or “Company”).

1. PURPOSE
   1. The purpose of this procedure is to provide clear and structured guidelines to individuals seeking to access their personal data within the [INSERT THE NAME OF THE COMPANY]. It establishes a framework for handling data requests of various types of personal information, ensuring transparency and compliance with General Data Protection Regulation (GDPR). It outlines measures to protect sensitive and valuable data from unauthorized access, breaches and loss.
2. SCOPE
   1. This Procedure applies to all[INSERT THE NAME OF THE COMPANY] data controllers, processors, contractors or any employee with whom personal data is being maintained, distributed or stored within the Company.
3. RIGHT TO ACCESS
   1. Article 15 of the GDPR explicitly grants individuals or any third party the right to access and obtain their personal information that is being processed by the company/organizations. This right enables individuals to be informed about and verify the lawfulness of personal data, promoting transparency and accountability in data processing practices.
4. DATA SUBJECT ACCESS REQUEST (DSAR)
   1. An individual can submit a DSAR in writing or verbally to the [INSERT THE NAME OF THE COMPANY]’s Data Protection officer or any designated point of contact. The request shall include a detailed guidance on the required information along with individuals valid ID.
   2. Upon receiving a DSAR, [INSERT THE NAME OF THE COMPANY] will verify the identity of the individual making the request, to ensure that the disclosure of personal data is made to the rightful data subject and to prevent any unauthorized access.
   3. After verification, [INSERT THE NAME OF THE COMPANY] will promptly respond without undue delay and within 30 days from the date of receipt. In cases where the request is complex or numerous, we may extend the response time to 60 days and will inform the concerned individual of the delay and reasons for it.
   4. The designated personnel will locate and extract the requested data subject data from the relevant databases.
   5. The designated personnel must review the personal data to ensure that it does not include any third parties data and deliver the response securely to the requester’s verified address.
   6. The designated personnel must provide detailed information on the right to object and other rights granted to the individual under GDPR.
5. FEES
   1. We reserve the right to charge a reasonable fee if the DSAR is unfounded, excessive, or repetitive. The fee charges will be communicated to the individual in advance. Our Company does not charge any fee for the first copy of the requested personal data.
6. REVIEW AND TRAINING
   1. This procedure will undergo regular reviews to ensure its ongoing relevance and effectiveness. Updates will be made as needed to reflect changes in applicable data protection laws and Company practices.
   2. Our Company will regularly train employees involved in processing DSARs on Data protection principles.
7. COMPLIANCE
   1. Compliance with this procedure and applicable laws should be regularly monitored and audited to identify and address any potential gaps or non-compliance.
   2. Any identified breaches or non-compliance should be promptly investigated and appropriate corrective actions should be taken.
8. CHANGES TO THE POLICY
   1. We reserve to right to update and make changes to this procedure from time to time based on the working conditions of the Company and modifications to the applicable laws. The Company on updating this policy will inform the members of the Company.
9. FURTHER INFORMATION
   1. For any queries or further Information regarding our Company or about this Procedure, the concerned person can contact us through email[INSERT THE EMAIL ADDRESS OF COMPANY]
10. ACKNOWLEGEMENT
    1. We expect all employees and individuals to adhere to this procedure of the Company. The Company will apply this procedure consistently and fairly to ensure a harmonious and productive workplace for all.
    2. By signing below, you acknowledge that you have carefully read and understood the terms and contents of this procedure.

COMPANY                  

Authorized Signature

Print Name and Title

[INSERT THE NAME/DESIGNATION OF SIGNING AUTHORITY OF COMPANY]