How do I handle an Access Request?

Article 15 of GDPR, “the right of access” is a powerful and often less discussed aspect of the GDPR that is designed to empower data subjects (you and I) with TOTAL visibility of the information that organisations and public bodies hold about us.

In short, what this means from a practical perspective is that any one (or all) of your clients has the right at any time to request EVERY scrap of data that you hold about them within 30 days of their request.

At present, no one has any feel for the volume of Access Requests that organisations might receive but suffice to say that dealing with them could be very onerous if you don't have the right tools in place.

Thankfully, we do!

  1. To get started click on Main Menu->Tools->Access Requests

  3. Log the details of the request and hit save:
  4. At this point you have fulfilled your initial obligations under Article 15 of the GDPR and you need to await verification of the identity of the person making the request. You need something like a driving licence or passport that will allow you to visually verify they are who they say they are. For your own protection I would recommend copying their ID and attaching it to the client record.

  5. In the background, WriteUpp will be working its magic and pulling together all of the data that you hold about the client. As this can sometimes be a fairly intensive task we queue up each Access Request and set its status to “Pending” until the content is ready. This normally takes 30-60 seconds and once its available to download the status is set to “Complete”.

  6. Having verified the identity of the requestor just click on Main Menu->Tools and you will see a log of your Access Requests along with a download link. For security reasons this automatically expires 7 days after it has been created.
  7. Find the request relating to your requestor and click on “Download”. A ZIP file will be saved to your hard drive with contents that will be structured like this:
    • Assessments, Notes and Consents are all placed into folders and converted into PDFs
    • Appointments, Episodes and Invoices are summarised in .csv files
    • The Patient tab is summarised in a file called client-summary.pdf

      Please keep in mind the contents of the ZIP file are dependent on what data you hold about the client
  8. Once you have reviewed the contents of the ZIP file you should immediately password protect it using your preferred ZIP utility
  9. You can then complete the process and fulfil your Article 15 obligations by emailing the ZIP file to the requestor or by providing it to them on optical media. In both cases the ZIP file should be password protected.

Need More Help?

We understand that not everything is black and white, so if you need some help, click "Submit A Request" ticket and one of our team will help you out as soon as possible.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk