IT Support &
Business Software

GDPR and Subject Access Requests (SARs)


Under the new GDPR regulations, individuals have the right to request all information that an organisation holds on them. This includes whether an organisation is processing their personal data and if so, to be told:

  • What personal data is being processed
  • The purposes for which the personal data is being processed
  • Who, if anyone, the personal data is disclosed to
  • The extent to which it is using personal data for making automated decisions relating to the data subject and, if so, what logic is being used for that purpose

How do Subject Access Requests affect your business?

Companies are required to respond to Subject Access Requests (SARs) by providing copies of the personal data held. These should be in an intelligible format and include details on the sources of the data.  There is currently a 40 day time limit to respond and companies cannot charge for providing this information.

Handling subject access requests effectively and within the legal timeframe remains a challenge for many companies especially where SARs are becoming increasingly onerous.

The amount of information held about employees and former employees can be vast. This includes information held in a personnel file, internal memorandums, meeting notes or simply email correspondence. Failing to respond can expose the business to a claim, fines, enforcement action and reputational damage.

Subject Access Requests and Opera 3

For clients using Opera 3, Pegasus has released a new module that allows you to search the Opera system to provide data for SARs.

The ‘Personal Data Search’ tool is simple to use and extremely effective. It identifies personal data in Opera 3 and presents it in the required format, a process which would otherwise take considerable time.

This tool will be invaluable when you receive Subject Access Requests from customers, prospects, suppliers or employees. It will allow you to locate the relevant data and provide it in either a printed or electronic format.

Want to know more? Contact PCR today for more information on GDPR compliance and Opera 3.


Josie Sullivan Leroy Reid & Co

Very helpful in supplying the system required with very little down time. Personable and professional in guiding us along the right path. Nothing is too much for them.

David Halloway Southern Testing

Support with a sense of fun!

Carmel Clarke Kingswood Controls

Professional and extremely helpful. PCR will go above and beyond to resolve any IT problems that you may have.

Max Somper Metamark

PCR are very much on the same page as ourselves. They're very flexible, pragmatic about response, efficient, and they've always been the best choice for us as a business.

Keith Faulkner Brainwaves Books

Over the years, I've seen PCR grow and develop, but their attitude and customer service has never altered. The quality of their service remains constant.

Alex Arscott Richard Russell Panels

A good honest company we've dealt with since the year dot.

Contact us now