Data Subject Rights Policy

This Data Subject Rights Policy is designed to explain the rights individuals have under the UK GDPR in clear, user-friendly language. It is intended for use as a customer-facing or employee-facing document alongside your existing privacy information, helping you give fuller explanations of those rights and how they may be exercised.

It is particularly useful where a privacy policy or privacy notice gives only a shorter summary of those rights.

What this policy helps you explain

The policy covers the main UK GDPR rights available to data subjects, including:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• rights relating to automated decision-making, including profiling.

Explaining how rights can be exercised

This template explains how individuals can exercise their rights in practice. By default, that may be done by contacting you directly, but the policy can also accommodate alternative methods where appropriate, for example where rights can be exercised through an online account or profile.

It also explains important caveats and exceptions, including circumstances in which a request may be refused or where an additional period of up to two months may be needed beyond the standard one calendar month to respond.

Designed to sit alongside your privacy documents

This document is designed for use alongside an existing privacy policy or privacy notice. It does not replace either document and is not intended to serve as an internal company policy.

For more detailed background on when each right applies, how to comply, and the relevant time limits, see the Data Subject Rights Guidance Notes.

Data Subject Rights Policy is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.