More and more law firms are at the receiving end of subject access requests. These SARs can be from clients, the other side, third parties or staff.

What will you get from this webinar?
In this webinar, you will learn about the legal framework surrounding Subject Access Requests (SARs) under the UK GDPR and Data Protection Act 2018. The session will explain what qualifies as a valid SAR, who can make a request, and what information must be disclosed in response. You’ll gain a clear understanding of the obligations and timescales law firms must adhere to when handling requests from clients, opposing parties, or third parties.
The webinar will also explore practical considerations such as redacting personal data, identifying exemptions, and maintaining client confidentiality. Real-life examples will illustrate how to respond proportionately and compliantly, especially in complex or contentious cases.
Whether acting for the data subject or responding on behalf of a data controller, this session offers essential guidance for solicitors, compliance teams, and support staff. You’ll leave with practical tools to help manage SARs confidently and lawfully, reducing the risk of legal exposure or complaints.

Your presenter, Kristy Gouldsmith, is a data protection law specialist and partner at Spencer West LLP.
She has years of experience in advising a wide variety of organisations across all sectors, including SaaS platforms, retailers, manufacturers, schools, care homes, financial services, law firms and property developers. Kristy advises clients of all sizes, from small businesses to large American multi-national companies.
Kristy has a Master’s degree in law, is a Certified Information Privacy Professional for Europe (CIPP/E) and is an Approved Implementor for the ICO Standard for law firms, LOCS-23.
When is the webinar taking place?
Date: Tue, 08 Jul
Time: 12:30 – 13:00 BST
Location: Online