About our DPO Digest Session

This session provides a practical overview of handling Subject Access Requests (SARs), with particular focus on the growing rise of AI-generated and AI-assisted requests. It is designed to provide a solid grounding in the fundamentals, ensuring staff are confident in spotting, assessing, and managing requests appropriately...  even where they are lengthy, technical, or clearly drafted using artificial intelligence tools.

What this course contains

The course provides a clear introduction to SARs, focusing on:

• What a Subject Access Request is and who can make one.
• The rights individuals have under UK GDPR.
• How to recognise a SAR in different forms, including AI-generated or template-based requests.
• Common characteristics of AI-drafted SARs and how to approach them proportionately.
• The timescales and procedural requirements for responding.
• Key considerations before starting a response (verification, scope, clarification, and proportionality).
• Managing overly broad or complex requests confidently and lawfully.
• An overview of how SARs fit into a school’s wider data protection responsibilities.

Why this matters

Schools are increasingly receiving detailed, technical, and sometimes extensive SARs generated using AI tools. While the right of access remains unchanged, these requests can create operational pressure and uncertainty.

Responding correctly is essential to uphold individuals’ rights while ensuring requests are handled proportionately and within the law. Misunderstanding obligations, particularly in response to complex or AI-drafted requests, can lead to unnecessary workload, delays, complaints, or enforcement action. This session provides clarity, reassurance, and practical strategies for managing modern SAR challenges effectively.

Intended outcomes

By the end of the session, participants will:

1. Understand the purpose and scope of Subject Access Requests.
2. Be able to recognise and assess SARs, including AI-generated requests.
3. Know the key legal requirements, including timescales, verification, and clarification.
4. Gain confidence in managing complex or broad SARs proportionately and lawfully as part of day-to-day compliance.

Assessment

There is no formal assessment. A live Q&A will be available throughout the session to support practical understanding and application.

Date and Time

• Tuesday, 24th March 2026 at 10:00am – 10:45am.

Location

• This course will be run remotely via Zoom.
  
  

Cost

The cost of this briefing is £30 plus VAT per person for Judicium Data Protection Clients and £45 plus VAT per person for non-Judicium Data Protection Clients.

How to book

Click HERE to register your place on this course or the BOOK NOW button at the top of the page.  If you have any questions about this course please contact us via phone 0345 548 7000 (opt 1, then 1) or email: dataservicesadmin@judicium.com.

Please find our terms and conditions for bookings here: https://www.judiciumeducation.co.uk/dpo-training-terms-and-conditions-26