Employee Subject Access Request Templates

These Subject Access Request templates help employers manage employee data access requests under the UK GDPR and the Data Protection Act 2018. A subject access request, often shortened to SAR or DSAR, allows an individual to ask an organisation whether it processes their personal data and to obtain access to that data.

The documents are designed to help employers respond consistently, gather the information needed to locate personal data, confirm identity where necessary, and manage response times for standard, unclear or complex requests.

Additional templates to help employers comply with data protection laws are available at Employment Data Protection Policies and Employment Privacy Notices.

What is a Subject Access Request?

A Subject Access Request is a request by an individual to access personal data held about them by an organisation. In an employment context, SARs may be made by employees, former employees, workers, contractors, job applicants or other individuals whose personal data is held by the business.

A SAR may ask what personal data is held, why it is being processed, where it came from, who it has been shared with, how long it will be retained, whether automated decision-making or profiling is used, and what rights the individual has in relation to that data. SARs are an important part of employee data protection compliance and should be handled carefully, particularly where HR records, emails, disciplinary documents, grievance records, sickness records, payroll data or personnel files are involved.

Downloadable SAR Templates

These practical templates enable employers to handle employees subject access requests from start to finish.

Employee’s Subject Access Request Form

The Employee’s Subject Access Request Form provides a structured form for employees or other data subjects to request access to personal data held about them by the company.

The form asks the requester to provide their name, contact details and specific information about the personal data they are requesting, including relevant dates or details that may help the employer locate the data. It also includes a declaration confirming that the individual is the data subject named in the form and that the request is being made under the UK GDPR.

Employees' Subject Access Request Policy

This Subject Access Request Policy gives employers a concise internal policy explaining how employee SARs will be handled.

The policy explains that individuals have the right to receive confirmation that the company processes their data and to access that data. It defines personal data and special category personal data, explains what a SAR may cover, and sets out how employees should make a request. It also confirms that SARs may be made verbally or in writing, although the employer may encourage written requests or use of a SAR form for efficiency.

The policy also covers response times, ID checks, fees, complex requests, excessive or repetitive requests, refusal grounds and complaints to the Information Commissioner’s Office.

Letter Acknowledging Subject Access Request

The SAR Acknowledgement Letter is a standard acknowledgement letter for use where an employer has received a SAR and can proceed with the request without needing further information or an extension at the outset.

The letter confirms receipt of the request, records the date it was received, optionally acknowledges identity evidence such as a passport or driving licence, and confirms that the company will respond as soon as possible and no later than one month from receipt.

This is the most straightforward acknowledgement template and is suitable for routine SARs where the request is clear and identity has been confirmed.

Request Fee Subject Access Request Acknowledgement Letter 

This SAR Acknowledgement Letter, asking for administrative fee and time to respond, is intended for complex, high-volume or time-consuming requests where an extension may be required and, where permitted, an administrative fee may be requested.

The template includes wording for situations where the request is complex and involves extensive review of emails or other documents, or where data is held in several locations. It allows the employer to state that the request is complex and that the timescale for response will be extended. It also includes optional wording for requesting an administrative fee where the company is prepared to comply with the request subject to payment of a fee reflecting the administrative cost.

This template should be used carefully, as SARs are generally free of charge and fees are only appropriate in limited circumstances, such as where requests are manifestly unfounded, excessive or repetitive, or where further copies are requested.

More Information Subject Access Request Acknowledgement Letter

This SAR Acknowledgement Letter, is designed for situations where the employer cannot respond properly until the requester provides additional details or confirms their identity.

The template allows the employer to ask for specific information needed to locate the requested personal data, such as approximate email dates, sender or recipient details, or other search information. It can also be used to request proof of identity, such as a certified copy of a driving licence or passport.

The time limit for responding to a subject access request is one month from the date of receipt. If a request is complex, the time period for response can be extended by a further two months.

Please click on the links below to view and download the templates:

Employee Subject Access Request Templates is part of Employment. Just £38.50 + VAT provides unlimited downloads from Employment for 1 year.