GDPR Compatible Subject Access Request Form

Employee's Subject Access Request Form – GDPR Compliant

EMP.DAT.03

This Subject Access Request Form – GDPR Compliant should be used by individuals who are making a request under the General Data Protection Regulation (GDPR) for information held about them by a company. As the GDPR applies to all personal data that an organisation processes, employers should accept subject access requests not just from employees, but also from workers, contractors, apprentices and volunteers. 

The GDPR allows individuals to access information from organisations that process their personal data by means of a subject access request. The company must advise the employee on:

  • whether or not the employee's personal data is being processed;
  • the purposes of the processing and the categories of personal data concerned;
  • the recipients to whom the data has been or will be disclosed;
  • how long the data will be stored, or how that period is determined;
  • the employee's rights in relation to the rectification or erasure of data, the restriction of processing and how to object to processing;
  • the employee's right to lodge a complaint with the supervisory authority;
  • any third-party sources of the data, where this information is available; and 
  • information about the logic involved in any automated decision-making, if applicable.

The company is also required to provide the employee with a copy of the personal data undergoing processing. If the subject access request is made electronically, then the information must also be provided in a commonly used electronic format, unless the individual agrees otherwise.

Employers should be aware that an employee can make a subject access request in any format and the subject access request form does not have to be used.

Under GDPR, the time limit for responding to a subject access request is one month from the date of receipt. If a request is complex, the time period for response can be extended by a further two months.

This Subject Access Request Form – GDPR Compliant is in open format.

Once you have purchased access to the appropriate document folder, click on the “Download” button below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing. Download

Top