IOLIS Legal Services

Data Protection Consultancy


Helping you to navigate complex data regulations and create the right culture in your business

Knowledge and advice on GDPR and the DPA 2018

There are three pieces of legislation which form the basis of the data protection rules in the UK, the General Data Protection Regulation (GDPR) which came into force in 2018, the Data Protection Act (DPA) 2018, and the Privacy and Electronic Communication Regulation (PECR).

The regulations are detailed and complicated and the way they impact on one another can be difficult to understand. Add in industry specific laws and requirements, and things can feel very confusing.

We cut through the complexity to make things simpler for your business, helping you make sense of the things you need to do to protect it.

IOLIS helps you incorporate effective data protection into everything you do, including your organisational culture and policies.

Subject Access Requests

bust beside columns

We help you get it right when it comes to a SAR

Under GDPR and the DPA 2018, people have the right to know what personal information your organisation holds about them.

They can submit a Subject Access Request (SAR) asking for copies of the data and ask you for the legal basis for holding it, how long you’ll keep it, and other details about what happens to it.

This can include requests from customers, potential customers, suppliers, members, employees, and ex-employees.

It can also include people with whom you have a dispute, such as former employees. As more people understand their rights, the number of SARs is growing, too.

So, should you send the information or not? Will it cause more problems later? What happens if the data mentions other people?

The answers to all these questions depend on the exact information and circumstances and getting specialist, experienced advice will help you avoid potential pitfalls.

IOLIS gives you all you need to fulfill your legal duties on SARs without damaging your business or its reputation unnecessarily. We’ll also help you avoid being the subject of a complaint to the ICO.

Does your UK business need advice on data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 0330 043 4812 or email

Contact us
IOLIS Legal Services is a trading style of IOLIS Ltd. Regd in England & Wales. Company Number 11968202. Regd office: C5 Business Centre, C5 North Road, Bridgend Industrial Estate, Bridgend, Wales, CF31 3TP. Total paid up share capital £10.
© 2023 IOLIS Ltd. | Website designed, hosted, and maintained by Jötnar Systems