Understanding your rights is crucial when it comes to personal data. A Subject Access Request (SAR), also known as a Data Subject Access Request (DSAR), allows you to ask any organization for access to the personal data they may hold about you. In this guide, we will show you how to make a subject access request and what to expect when requesting your data.
Your Right to Make a Subject Access Request
Previously, under the Data Protection Act 1998, organizations could charge a fee of £10 to provide you with the data they held. However, with the implementation of the GDPR in 2018, subject access requests are now free of charge. This right of access empowers you to verify the lawfulness of the processing of your personal data. You may want to make a request if you have doubts about how a company is handling your data or if you wish to understand any automated decisions affecting you.
How to Make a Subject Access Request
There is no specific format for making a subject access request, and you can approach the organization in various ways, such as by email, written letter, phone call, direct message (DM), or even a tweet. The request should be directed at the organization asking for all the personal data they hold about you, who they share it with, and any additional relevant information.
Organizations should provide multiple ways for you to submit your SAR, but many only offer a web form. This is not ideal practice. Be sure to check their privacy policy, typically found at the bottom of their website, for details on how to send your request.
If the organization attempts to charge you a fee, remind them that under the GDPR (as of May 25, 2018), subject access requests must be processed for free.
Steps for Making a Subject Access Request
Follow these steps to effectively make a subject access request:
- Identify the right department: Look for the contact details for the organization’s Data Protection Officer (DPO), often available on their website (usually as a
dpo@email address). - Prepare the required details: Collect all the necessary information you need to request. This might include your full name, address, contact number, and any unique identifiers (e.g., account numbers or unique IDs) to distinguish you from others.
- Write the request: Include your full details and specify the data you’re requesting. Make sure to reference any specific dates if relevant.
- Mention the deadline: Remind the organization that they have one month to respond to your request as required under the Data Protection Act 2018.
- Reference the GDPR: Confirm that your SAR is free under the Data Protection Act 2018, ensuring they understand that there should be no charge.
Record and Copy Everything
To protect your rights, it’s essential to keep a record of your request and any correspondence with the organization. Sending your SAR via recorded delivery or email ensures you have proof of your request. Keeping copies of all materials exchanged will be important if you need to escalate the issue later or file a complaint with the Information Commissioner’s Office (ICO).
Simplify the Process with Tools
Managing SARs can be time-consuming and complex. To make the process easier, we recommend using a tool that streamlines the task. The Tapmydata app is a free, secure, and easy-to-use platform for submitting SARs, and it ensures that your data remains private. Available on both Apple and Android, this tool allows you to submit requests without the hassle of paperwork, and without any collection or storage of your personal data.
By using the Tapmydata app, you can make your SARs faster and more efficiently, without worrying about losing control of your personal information.
In a world where personal data is increasingly valuable, decentralized solutions like Tapmydata offer individuals a straightforward way to manage and protect their data. Take control of your data and ensure your privacy rights are respected with minimal effort.