SAR Portal – Privacy Definitions

Hunter Nelson
Published: November 11, 2018
Last Updated: June 27, 2024
SAR Portal Privacy Definition
Home » Blog » SAR Portal – Privacy Definitions
Free Web Marketing Consultations

Helping B2B Technology Companies Increase Their Lead Volume.
Serving: IT, MSP, Cybersecurity, Software Dev, SaaS, ISV, VARs & More.
Apply Now
Table of Contents
    Add a header to begin generating the table of contents

    SAR Portal

    The GDPR and subsequent chain of privacy laws passed in countries around the world have resulted in a slough of new lingo for privacy professionals and IT professionals to learn.  One of these new terms is the SAR portal.  SAR portal stands for Subject Access Request Portal.  Many of the new privacy laws grants certain rights to the citizens of their countries that allow them to make certain requests to businesses and other organizations that collect and process personal data.  The types of rights that are granted to citizens varies from country to country.  Some example requests that can be made are:

    • Access personal data on file
    • Correct or rectify personal data
    • Request to have personal data deleted
    • Object to profiling
    • Challenge automated decision making algorithms
    • Have personal data transferred from one entity to another
    • Restrict processing (collect and store data only)

    Benefits of Portal Software

    There requests typically have to be responded to in defined timelines and violations carry a fine.  As such many organizations, especially those that manage a portfolio of applications or experience a higher volume of these requests implement centralized request portals where citizens are funneled to make their requests. These SAR portals reduce complexity in the fulfillment of requests when compared to managing multiple email inboxes on different domains (privacy@yourdomain1.com, privacy@yourdomain2.com), call in requests, mail in requests, or other channels.  By centralizing privacy teams and funneling privacy requests through a central portal, fulfillment errors and delays are reduced. The list of countries implementing national privacy laws is growing and implementing a compliance and response workflow for these type of requests can benefit companies without a compliance burden.  Consumers are coming to take fulfillment of these requests as a granted, and denial of a request or even inability to submit one can damage customer trust and relationship with the brand.  Therefore companies wishing to remain competitive in the global landscape and build credibility with their customers should consider the implementation of a SAR portal.  Links to submit requests to the portal are often times included in the Privacy Policy a natural place to visit when looking for information on privacy related concerns.

    Share This Article
    Posted in:
    Tagged:

    Hunter Nelson

    Hunter is the founder and president of Tortoise and Hare Software, a digital marketing agency for the technology sector and other lead generation oriented businesses. Hunter has more than 10 years’ experience building web applications and crafting digital strategies for companies ranging from scrappy startups to Fortune 50 household names. When not on the clock, you'll find him spending time with his family and pups, relaxing on the beach, or playing competitive online video games. See for more.

    Leave a Comment





    Recent Blog Posts

    SEO Not Working: Here’s Why

    Lately I’ve been getting on more and more calls lately with people saying something along the lines of “we’ve been doing SEO or inbound for 6 months, 12 months, or…

    Why SEO Investments Help Your MSP Weather a Recession and Keep the Door Open for New Opportunities

    What happens to your pipeline when the phones go quiet, inboxes stay cold, and paid ads stop converting? That’s not a hypothetical. It’s what happens in a recession. Budgets freeze.…

    MSP Marketing – How to Build a Strategy That Works

    Let’s be honest—most MSP marketing doesn’t work.Not because the tactics are bad, but because they’re unaligned. What looks like a marketing problem is often a strategy problem in disguise. Most…

    The 10 Best MSP SEO Agencies To Help You Grow Organic Traffic

    If you’re searching for SEO agencies for MSPs, the list of generalists can feel endless—and underwhelming. Most SEO providers don’t understand the managed services space, much less the buyer behavior,…

    Why Your MSP’s Online Marketing Efforts Are Failing

    If you’re leading an MSP and investing in online marketing, you’re probably feeling a growing sense of frustration. You’ve put money into websites, content, ads—even hired an agency or two…

    What Makes a Great MSP Website? 5 Examples You Should Follow

    Your MSP website is more than just an online brochure—it’s a powerful tool for attracting and converting potential clients. But what makes a website truly effective in the competitive managed…

    Related Blog Posts

    CMMC Presents New Marketing And Sales Opportunity for MSPs

    Have you heard about the Cybersecurity Maturity Model Certification (CMMC)? It’s a universal standard meant to enhance and normalize cybersecurity throughout the Defense Industrial Base (DIB). Released on January 31,…

    Why do I need a Privacy Policy?

    Data privacy is a topic that is of growing concern to many consumers around the U.S. and you may have heard the term privacy policy a time or two in…

    One Way Hash Functions and Data Privacy Compliance.

    This article will discuss how a one way hash function can be used in the context of privacy compliance for regulations like the GDPR. Storing customer’s personal data is an…

    GDPR Principles: Accuracy

    The accuracy principle states that controllers and processor should make reasonable efforts to ensure personal data is accurate.  They must allow citizens to challenge the accuracy of data and take steps to rectify or erase the data associated with the challenge.  Verification is sometimes needed to ensure data is accurate.  Controllers and processors should consider the impact to the individual and whether they collected the data or the user provided it when determining appropriate verification steps.  Organizations should document challenges and their responses thoroughly and in a timely manner. They should also document the thought process for determining whether personal data needs to be verified and the verification steps taken if necessary.

    GDPR Principles: Data Minimization

    Data minimization is the concept of collecting the minimum amount of data needed to carry out the stated purpose and no more.  When conducting a data minimization evaluation you must ensure that the data collected is adequate and relevant to your stated purpose as well as limited. The onus is on the organization to document compliance with this principle.  We recommend documenting a review of this principle each time new personal data is collected or processed.  Conduct at least an annual audit of personal data that has been collected or processed to ensure that changes in the business have not impacted compliance with the data minimization principle.

    GDPR Principles: Purpose Limitation

    The GDPR’s purpose limitation principle constrains the use of personal data to the original purposes or those purposes compatible with the original purpose.  There are a handful of pre-approved compatible purposes such as archiving purposes in the public interest, scientific and historical purposes, and statistical purposes. Under the GDPR, the burden falls on controllers and processors to document their purposes and reasoning behind them.  These must be documented externally to be transparent to the end user, and internally with regular audits. Care must be taken when deciding a purpose is compatible with the original.  An analysis must be conducted to determine compatibility and it’s a good idea to document the reasoning behind claiming a purpose is compatible with the original. Make sure to consider linkages to the original purpose, and consequences to the end user.

    Top Blog Content

    The Ultimate Guide To MSP SEO

    Search Engine Optimization (SEO) is one of the most important ways to attract new business for mid-market managed service providers (MSP). If you look at MSPs that have achieved any…

    The Ultimate Guide To Paid Search On Google Ads For Managed Service Providers

    Generating leads for your MSP can be a challenge. You spend so much time managing employees, making sure customer support tickets are answered, procuring hardware, and defending against cyber threats,…

    The Ultimate Guide To MSP Website Optimization

    A well-optimized website is essential for Managed Service Providers (MSPs) looking to scale their business, attract more leads, and achieve a lucrative exit. A lot of MSPs check a few…

    The Ultimate Guide to Hiring an MSP Marketing Agency

    Are you one of the many MSPs struggling to attract new clients consistently? According to research conducted by MSP Dojo, a leading MSP sales consulting firm, approximately 85% of MSPs…

    The Ultimate Guide To Setting A Marketing Budget For IT Companies

    Many IT companies get their start as a one-man operation and rely almost exclusively on word of mouth, referrals, and other organic offline means to get past their initial growth…

    Featured Review of Tortoise and Hare

    ryan drake president nettech consultants
    R.D.
    President Florida Based MSP

    Tortoise and Hare has been a key partner in our MSP's growth. Over the year's we've worked together they've helped our MSP dramatically increase our website traffic, and build a steady stream of leads sourced from our website and advertising efforts. Over that time, we've been able to raise our base customer size, build economies of scale to more efficiently service customers, and expand into new markets.