GDPR staff training 16/17 – how to handle data subject requests?