Your organisation logs receipt of all verbal and written privacy rights requests from individuals and updates the log to track the handling of each request.
There are processes in place to ensure the log is accurate and updated as appropriate.
The log shows the due date for requests, the actual date of the final response and the action taken.
A checklist records the key stages in the request handling process, eg. which team members, or departments have been searched. This is either part of the log or a separate document.
There are records of your organisation's request responses, and any disclosed or withheld information from information access requests.
Can your team locate relevant records easily?
Are the records correct?
Would a small sample of requests show that your team follows the policies and procedures?