You can ask the organisation you think is holding, using or sharing your personal data to supply you with copies of your personal data. If a company tries to charge you a fee, inform them that, as of 25 May , subject access requests can be made for free when GDPR became law in the UK as the Data Protection Act To make a subject access request SAR , follow these steps:. You can use the free template letter on the Information Commissioners Office ICO website to make a subject access request.
Key Information. The Information Commissioner's Office ICO is an independent authority set up in the UK to work with organisations to uphold information rights in the public interest and protect data privacy for individuals. It can investigate and fine organisations found to be in breach of data protection rules but it cannot award compensation to individuals. It is best to send your request by recorded delivery or by email, and you should keep a copy of the SAR and all other correspondence.
The Data Protection Act GDPR requires companies to let you know what information is held about you, whether it is on computers or on paper. More information on the kinds of information that can be requested by the individual can be found on the Information Commissioner's Office website.
The document should be signed and sent to the organisation by the person making the request. It can be sent by post or email. If the organisation has a data protection officer, or provide details of who to contact for privacy or data issues, that address should be used to enable the organisation to deal with the complaint.
The individual sending the request may wish to keep a copy for their own records. After the request has been sent the organisation should respond within one month. The lawyer can answer your questions or help you through the process. You will be offered this option when you complete the document. If you are unsatisfied with our actions or wish to make a complaint, you can contact us using the details enclosed. You also have the right to lodge a complaint with the Supervisory Authority, whose details have been provided in our Subject Access Request Procedures.
As per the data protection law, you have the right to request the rectification of any inaccurate or incomplete data held by us. You must comply with a SAR without undue delay and at the latest within one month of receiving the request. If you process a large amount of information about an individual, you may be able to ask them to specify the information or processing activities their request relates to, if it is not clear.
The time limit for responding to the request is paused until you receive clarification, although you should supply any of the supplementary information you can do within one month. You need to be satisfied that you know the identity of the requester or the person the request is made on behalf of.
The timescale for responding to a SAR does not begin until you have received the requested information. However, you should request ID documents promptly. Not usually. In most cases you cannot charge a fee to comply with a SAR. You should make reasonable efforts to find and retrieve the requested information. However, you are not required to conduct searches that would be unreasonable or disproportionate to the importance of providing access to the information.
An individual is entitled to a copy of their personal data and to other supplementary information which largely corresponds with the information that you should provide in a privacy notice.
If an individual makes a request electronically, you should provide the information in a commonly used electronic format, unless the individual requests otherwise. When deciding what format to use, you should consider both the circumstances of the particular request and whether the individual has the ability to access the data you provide in that format.
0コメント