The Challenge
Subject access requests often go wrong in three ways: the clock starts late, the search is inconsistent, and the response is unreadable to the person who asked. Whether it is an account closure, a fraud investigation, or a credit decision, people deserve a clear answer within the statutory deadline.
My Approach
I handle subject access requests, support data governance, and translate data protection requirements into language that people can actually understand. My approach is practical: making sure organisations meet their legal obligations while treating the people behind the data with respect.
- Start with the person, not the paperwork - Every request represents someone trying to understand what you know about them
- Translate legal requirements into plain English - Compliance shouldn't require a law degree to understand
- Build processes that are sustainable, not just compliant - One-off fixes don't scale; good systems do
Impact
- Processed over 100 SARs at Monzo Bank within statutory deadlines, covering account closures, fraud cases, and credit decisions
- Built a governance framework and SAR handling process for UTAW, a national trade union branch with no prior data protection infrastructure
- Rewrote data protection communications so members and customers could understand their rights without needing legal training
Relevant Experience
- UTAW Data Protection Officer (volunteer): Supporting the UTAW National Branch of the Communication Workers Union with SAR handling, data governance, and compliance with UK GDPR and the Data Protection Act 2018.
- Monzo Bank: Processed over 100 subject access requests across account closures, fraud investigations, and credit decisions, all within statutory deadlines.