SAR Portal – Privacy Definitions

SAR Portal Privacy Definition
Home » Blog » SAR Portal – Privacy Definitions
Free Web Marketing Consultations

Helping B2B Technology Companies Increase Their Lead Volume.
Serving: IT, MSP, Cybersecurity, Software Dev, SaaS, ISV, VARs & More.

Table of Contents
    Add a header to begin generating the table of contents

    SAR Portal

    The GDPR and subsequent chain of privacy laws passed in countries around the world have resulted in a slough of new lingo for privacy professionals and IT professionals to learn.  One of these new terms is the SAR portal.  SAR portal stands for Subject Access Request Portal.  Many of the new privacy laws grants certain rights to the citizens of their countries that allow them to make certain requests to businesses and other organizations that collect and process personal data.  The types of rights that are granted to citizens varies from country to country.  Some example requests that can be made are:

    • Access personal data on file
    • Correct or rectify personal data
    • Request to have personal data deleted
    • Object to profiling
    • Challenge automated decision making algorithms
    • Have personal data transferred from one entity to another
    • Restrict processing (collect and store data only)

    Benefits of Portal Software

    There requests typically have to be responded to in defined timelines and violations carry a fine.  As such many organizations, especially those that manage a portfolio of applications or experience a higher volume of these requests implement centralized request portals where citizens are funneled to make their requests. These SAR portals reduce complexity in the fulfillment of requests when compared to managing multiple email inboxes on different domains (privacy@yourdomain1.com, privacy@yourdomain2.com), call in requests, mail in requests, or other channels.  By centralizing privacy teams and funneling privacy requests through a central portal, fulfillment errors and delays are reduced. The list of countries implementing national privacy laws is growing and implementing a compliance and response workflow for these type of requests can benefit companies without a compliance burden.  Consumers are coming to take fulfillment of these requests as a granted, and denial of a request or even inability to submit one can damage customer trust and relationship with the brand.  Therefore companies wishing to remain competitive in the global landscape and build credibility with their customers should consider the implementation of a SAR portal.  Links to submit requests to the portal are often times included in the Privacy Policy a natural place to visit when looking for information on privacy related concerns.

    Share This Article
    Posted in:
    Tagged:

    Hunter Nelson

    Hunter is the founder and president of Tortoise and Hare Software, a digital marketing agency for the technology sector and other lead generation oriented businesses. Hunter has more than 10 years’ experience building web applications and crafting digital strategies for companies ranging from scrappy startups to Fortune 50 household names. When not on the clock, you'll find him spending time with his family and pups, relaxing on the beach, or playing competitive online video games. See for more.

    Leave a Comment





    Recent Blog Posts

    Aesopians E8 – How SaaS Companies Are Maintaining Brand Integrity and Operationalizing Growth with HubSpot Ft. Mohamed Hamad Of Third Wunder Agency

    SaaS companies move fast—but if your branding and systems can’t keep up, growth can actually become a liability. In this episode of the Aesopians Podcast, host Hunter Nelson is joined…

    The Ultimate Guide To ChatGPT SEO

    Most SEO professionals are racing to understand how AI tools are reshaping visibility. But the biggest shift isn’t coming from Google—it’s coming from ChatGPT. As organic search volumes and conversions…

    MSP Google Ads Costs and Pricing

    You’ve heard Google Ads can generate leads quickly, but you’re not sure how much to budget, what kind of results to expect, or whether it’s really worth the spend. Many…

    Aesopians E7 – Joining The Feel Good MSP Sales Training Program Ft. Brian Gillette

    In this episode of the Aesopians Podcast, we sit down with Brian Gillette, founder of Feel-Good MSP and creator of the “Feel-Good Close.” If you’re an MSP leader who’s tired…

    MSP Advertising Strategy: 3 Fundamental Approaches to Drive Real Growth

    Is your MSP making effective use of your advertising budget, or are you weighed down too much by bottom of funnel advertising tactics that leave you in a perpetual cycle…

    How We Save Thousands With Negative Keywords For MSP Google Ad Campaigns

    Google Ads is one of the most powerful inbound lead generation channels available to managed service providers. There are few better moments to introduce your brand than when someone is…

    Aesopians E5: From Tech To Rep: Year 1 In MSP Sales Ft. Ashton Fortuna

    Most MSPs hesitate to move technicians into sales—worried they’ll lack the polish, confidence, or killer instinct to close deals. Sales is a different game. Techs solve problems with systems; sales…

    SEO Not Working: Here’s Why

    Lately I’ve been getting on more and more calls lately with people saying something along the lines of “we’ve been doing SEO or inbound for 6 months, 12 months, or…

    Why SEO Investments Help Your MSP Weather a Recession and Keep the Door Open for New Opportunities

    What happens to your pipeline when the phones go quiet, inboxes stay cold, and paid ads stop converting? That’s not a hypothetical. It’s what happens in a recession. Budgets freeze.…

    MSP Marketing – How to Build a Strategy That Works

    Let’s be honest—most MSP marketing doesn’t work.Not because the tactics are bad, but because they’re unaligned. What looks like a marketing problem is often a strategy problem in disguise. Most…

    The 10 Best MSP SEO Agencies To Help You Grow Organic Traffic

    If you’re searching for SEO agencies for MSPs, the list of generalists can feel endless—and underwhelming. Most SEO providers don’t understand the managed services space, much less the buyer behavior,…

    Why Your MSP’s Online Marketing Efforts Are Failing

    If you’re leading an MSP and investing in online marketing, you’re probably feeling a growing sense of frustration. You’ve put money into websites, content, ads—even hired an agency or two…

    What Makes a Great MSP Website? 5 Examples You Should Follow

    Your MSP website is more than just an online brochure—it’s a powerful tool for attracting and converting potential clients. But what makes a website truly effective in the competitive managed…

    Case Study: Cold Start To 2-5 Leads Per Month Via Local SEO For MSP In Canada

    Client Background A Managed IT Services Provider (MSP) in British Columbia, Canada engaged us to establish a professional online presence and generate a steady flow of inbound leads. Before working…

    Aesopians Episode 4: Leading with Cybersecurity To Spark MSP Sales Conversations – Featuring Michael Bakaic Of Iceberg Cyber

    In this episode of the Aesopians Podcast, Hunter Nelson sits down with Michael Bakaic from Iceberg Cyber to discuss how MSPs can use cybersecurity as a conversation starter to attract…

    WordPress Out OF Memory Exceptions

    Recently I’ve been dabbling in programmatic SEO. I got an idea of rolling out a landing page to attract search engine traffic from every major city in the United States…

    Aesopians Episode 3 – Cold Email Marketing For MSPs Featuring Jeffrey Newton Of Cyft.AI

    In this episode of The Aesopians Podcast, Hunter Nelson sits down with Jeffrey Newton, Co-founder of Cyft and former MSP sales and marketing leader, to discuss the realities of running…

    Case Study: Sourcing 30+ Email Opt-Ins Per Month For Cybersecurity SaaS Startup Via Google Ads

    In this case study we’ll share how we helped a Cybersecurity SaaS startup source roughly 30 email opt-ins per month via Google Ads to help fuel their email marketing efforts…

    Aesopian’s Episode 2 – Streamlining SEO Content Production Featuring Raj Khera Of Make Media

    In this episode of the “Aesopians” podcast, we’re joined by Raj Khera, a serial entrepreneur and the founder of Make Media, to discuss how small businesses can transform their approach…

    Aesopians Episode 1 – Azure Cloud For MSPs

    In the debut episode of Aesopian’s Podcast, host Hunter Nelson sits down with Matt Hache, an infrastructure consultant at PAX8 and founder of Neon Cobra, to explore how Managed Service…

    Related Blog Posts

    CMMC Presents New Marketing And Sales Opportunity for MSPs

    Have you heard about the Cybersecurity Maturity Model Certification (CMMC)? It’s a universal standard meant to enhance and normalize cybersecurity throughout the Defense Industrial Base (DIB). Released on January 31,…

    Why do I need a Privacy Policy?

    Data privacy is a topic that is of growing concern to many consumers around the U.S. and you may have heard the term privacy policy a time or two in…

    One Way Hash Functions and Data Privacy Compliance.

    This article will discuss how a one way hash function can be used in the context of privacy compliance for regulations like the GDPR. Storing customer’s personal data is an…

    GDPR Principles: Accuracy

    The accuracy principle states that controllers and processor should make reasonable efforts to ensure personal data is accurate.  They must allow citizens to challenge the accuracy of data and take steps to rectify or erase the data associated with the challenge.  Verification is sometimes needed to ensure data is accurate.  Controllers and processors should consider the impact to the individual and whether they collected the data or the user provided it when determining appropriate verification steps.  Organizations should document challenges and their responses thoroughly and in a timely manner. They should also document the thought process for determining whether personal data needs to be verified and the verification steps taken if necessary.

    GDPR Principles: Data Minimization

    Data minimization is the concept of collecting the minimum amount of data needed to carry out the stated purpose and no more.  When conducting a data minimization evaluation you must ensure that the data collected is adequate and relevant to your stated purpose as well as limited. The onus is on the organization to document compliance with this principle.  We recommend documenting a review of this principle each time new personal data is collected or processed.  Conduct at least an annual audit of personal data that has been collected or processed to ensure that changes in the business have not impacted compliance with the data minimization principle.

    GDPR Principles: Purpose Limitation

    The GDPR’s purpose limitation principle constrains the use of personal data to the original purposes or those purposes compatible with the original purpose.  There are a handful of pre-approved compatible purposes such as archiving purposes in the public interest, scientific and historical purposes, and statistical purposes. Under the GDPR, the burden falls on controllers and processors to document their purposes and reasoning behind them.  These must be documented externally to be transparent to the end user, and internally with regular audits. Care must be taken when deciding a purpose is compatible with the original.  An analysis must be conducted to determine compatibility and it’s a good idea to document the reasoning behind claiming a purpose is compatible with the original. Make sure to consider linkages to the original purpose, and consequences to the end user.

    GDPR Principles: Lawfulness, Fairness and Transparency

    The first principle of the GDPR, Lawfulness Fairness and Transparency focuses mostly on the underlying reasons for collecting and processing personal information and how it will be used.  It outlines the need for a lawful basis for processing and discusses the 6 bases for processing that have been identified. The bases of consent is the most recommend basis and organizations would do well to ensure they establish proper consent collection mechanisms.  It ensures that data is collected fairly and that the collection does not present unjust injury to an individual or group of individuals, regardless of how many other individuals are unaffected.  It ensures that organizations are being transparent in the way they inform their users on the type of information that is collected and the way it will be processed and used.  The responsibility lies within the collecting organization to document compliance with principles of the GDPR.  Establishing a process for documenting a lawful basis for processing, fairness, and transparency in collection will leave organization prepared for regulatory scrutiny, help avoid lawsuits and fines.  

    Top Blog Content

    The Ultimate Guide to Hiring an MSP Marketing Agency

    Are you one of the many MSPs struggling to attract new clients consistently? According to research conducted by MSP Dojo, a leading MSP sales consulting firm, approximately 85% of MSPs…

    The Ultimate Guide To MSP Website Optimization

    A well-optimized website is essential for Managed Service Providers (MSPs) looking to scale their business, attract more leads, and achieve a lucrative exit. A lot of MSPs check a few…

    The Ultimate Guide To Paid Search On Google Ads For Managed Service Providers

    Generating leads for your MSP can be a challenge. You spend so much time managing employees, making sure customer support tickets are answered, procuring hardware, and defending against cyber threats,…

    The Ultimate Guide To MSP SEO

    Search Engine Optimization (SEO) is one of the most important ways to attract new business for mid-market managed service providers (MSP). If you look at MSPs that have achieved any…

    The Ultimate Guide To Setting A Marketing Budget For IT Companies

    Many IT companies get their start as a one-man operation and rely almost exclusively on word of mouth, referrals, and other organic offline means to get past their initial growth…

    Featured Review of Tortoise and Hare

    ryan drake president nettech consultants
    R.D.
    President Florida Based MSP

    Tortoise and Hare has been a key partner in our MSP's growth. Over the year's we've worked together they've helped our MSP dramatically increase our website traffic, and build a steady stream of leads sourced from our website and advertising efforts. Over that time, we've been able to raise our base customer size, build economies of scale to more efficiently service customers, and expand into new markets.