Your Data, Your Rights: A Guide to Subject Access Requests

Data Protection
Written By Ryan Jarvis

As a legal professional, it is my duty to ensure that individuals are well-informed about their legal rights, especially concerning data protection. In this blog post, I will guide you through the process of making a Subject Access Request (SAR) under the UK General Data Protection Regulation (UK GDPR) as tailored by the Data Protection Act 2018. This is an important right that allows you to access your personal and sensitive data held by organisations.

What is a Subject Access Request?

A Subject Access Request (SAR) is your right to request all the personal data that an organisation holds about you. This includes both personal and sensitive data. By making a SAR, you can:

  • Confirm whether an organisation is processing your data.

  • Access a copy of your personal data.

  • Understand how and why your data is being used.

Why is This Important?

Understanding what data is held about you, and how it is being used, is crucial for protecting your privacy and ensuring that your data rights are respected. It can also help you identify any inaccuracies and request corrections.

How to Make a Subject Access Request

To make a SAR, you need to contact the organisation that holds your data. Below is a step-by-step guide and a template you can use.

Step-by-Step Guide:

Identify the Data Controller: This is the organisation or individual responsible for processing your data.

Prepare Your Request: Write a clear and concise letter including all necessary details to help the data controller locate your information.

Include Essential Information:

  • Your full name

  • Your address

  • Date of birth

  • Any relevant reference numbers (e.g., account numbers)

Specify Your Request: State that you are making a SAR under the UK GDPR and Data Protection Act 2018. Ask for:

  • Confirmation of whether your data is being processed

  • A copy of your personal data

  • Information on the purposes, categories, and recipients of your data

  • Details on data storage periods, your rights, and any automated decision-making

Send Your Request: Submit your SAR to the data controller, either by post or email. Keep a copy for your records.

Example Template

Your information will be handled according to my privacy policy  and you can unsubscribe at any time by following the unsubscribe link in the emails.

Making a Subject Access Request is your right and can be done with ease by following the steps outlined above. Always ensure to provide all necessary information to help the data controller locate your data. By understanding and exercising your rights, you can take control of your personal data and ensure it is being used appropriately.

Your data rights are important—stay informed and proactive in protecting them.

Resources

Ryan Jarvis
Next

Victory for Transparency: A Triumph Over Greater Manchester Police's FOIA Challenge