Trustpilot
E-Sign Banner
ISO 27001 Certified
Welcome to Simply-Docs
Corporate
Employment
Health & Safety
Property
Samples & Free
Business
UK GDPR & Data Protection
Data Subject Access Requests
Download

Data Subject Access Request Guidance Notes

BS.DAT.SAR.GN.01

These Data Subject Access Request Guidance Notes explain how subject access requests (SARs) work under UK data protection law and how organisations should deal with them in practice.

They cover the right of access under the UK GDPR, including what individuals are entitled to receive, how to recognise a request, and the key procedural rules that apply when responding.

The notes have been updated to reflect changes introduced by the Data (Use and Access) Act 2025, including the statutory requirement to carry out “reasonable and proportionate” searches for personal data.

What these guidance notes help you with

SARs are a core part of UK data protection compliance. An individual can ask what personal data you hold about them, what you use it for, and why, and is also entitled to a copy of that personal data.

These guidance notes help you understand the rules around handling those requests properly, including the fact that there is no prescribed format a SAR must follow and that compliance is not optional except in limited circumstances.

What is covered

  • what information must be provided in response to a SAR;
  • how to identify a SAR in practice;
  • time limits, fees, and when further information may be requested;
  • requests made on another person’s behalf;
  • dealing with personal data that includes information about other individuals;
  • the role of data processors; and
  • the limited grounds for refusing to comply.

A useful starting point for a SAR process

These notes are useful if you need practical guidance on the legal and procedural issues that arise when responding to subject access requests.

If you also want an internal workflow document, see the Data Subject Access Request Policy and Procedure. For handling requests in practice, this guidance can also be used alongside the SAR Letter - Acknowledgement, SAR Letter - Fee and or Additional Time, and SAR Letter - No Data Found.

Data Subject Access Request Guidance Notes is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.

Download
Business Buy Only £38.50 + VAT!
Unlimited Downloads for One Year
No Auto-Renewal
All Data Subject Access Requests
All UK GDPR & Data Protection

Simply-4-Business Ltd Registered in England and Wales No. 4868909, 20 Mortlake High Street, Mortlake, London SW14 8JN

Trustpilot
Top