SaaS suppliers are increasingly dealing with subject access requests (SARs) and freedom of information requests (FOIAs) in relation to SaaS customers.
Per Information Commissioner’s Office (ICO) issued at Subject Access Code of Practice we perform these upon receipt of a SAR:
- identify whether a request is actually a SAR;
- ensure they have enough information to be certain of the requester’s identity;
- consider whether any of the exemptions apply; and
- provide a response in a permanent form where appropriate, stating whether a fee is payable.