Data Subject Rights

The UK GDPR gives individuals a set of important rights relating to their personal data, including the right to be informed, access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making and profiling.

As a data controller, you will normally need to respond to requests to exercise these rights within one month and free of charge, with only limited exceptions.

This collection is designed as a practical toolkit. The documents are intended to work together so you can (a) explain the rights clearly to individuals and (b) follow a consistent process for acknowledging and handling requests.

When Should You Use These Templates?

Use this collection if you want a structured approach to:

giving individuals a clear explanation of their UK GDPR rights and how to exercise them (alongside your privacy policy or privacy notice);
handling rights requests consistently, including where you need proof of identity, a fee may be payable in limited circumstances, or additional time is required for complex or numerous requests;
keeping responses prompt and well-documented, using a set of letters drafted for common stages in the process.

What Templates Are Included?

Explaining The Rights

Data Subject Rights Guidance Notes

Detailed guidance on each right, including when it applies, how to comply, relevant time limits, and linked supporting documents where relevant.

Data Subject Rights Policy

A customer-facing or employee-facing policy explaining each right in user-friendly language, including how to exercise rights and key exceptions.

Letters For Handling Rights Requests (Common Stages)

Data Subject Rights Letter - Acknowledgement

A first response letter for general use, drafted so it does not assume which specific right the individual is exercising.

Data Subject Rights Letter - Acknowledgement and ID Request

An acknowledgement letter with wording to request confirmation of identity where you have reason to doubt the requester’s identity.

Data Subject Rights Letter - Acknowledgement and Fee Request

A letter to request a fee in the limited cases where a request is manifestly unfounded or excessive, and to explain timing.

Data Subject Rights Letter - Receipt of ID

A letter acknowledging receipt of identity confirmation and confirming the one-month response timeframe runs from receipt of that confirmation.

Data Subject Rights Letter - Receipt of Fee

A letter acknowledging receipt of a requested fee and confirming the response timeframe runs from the date the fee is received.

Data Subject Rights Letter - Additional Time Required

A letter for situations where you need longer to respond, including options reflecting the permitted extension of up to two months for complex or numerous requests.

Why Use These Templates?

These templates help you implement a repeatable process rather than dealing with rights requests on an ad hoc basis:

The policy and guidance notes help individuals understand their rights, and help your organisation apply the rules consistently.
The letter set supports clear, consistent communication at each stage, particularly where identity checks, fees, or extra time are involved.
Used alongside your privacy policy or privacy notice, the policy provides fuller explanations of rights without turning your privacy information into a long technical document.

For more information about each document in this collection, please click on the links below:

Data Subject Rights is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.

Business Buy Only £38.50 + VAT!
Unlimited Downloads for One Year
No Auto-Renewal