Data Subject Access Request (DSAR) Form


Your rights

  • A data subject (you) has a variety of rights under data privacy legislation. Some rights simply exist and do not involve action on the part of the company (for example, the data subject's right to be informed), whilst others must be exercised by the data subject (for example, the right to access data). DSARs are classified as the latter.
  • A data subject (you) should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.
  • Distinct laws confer distinct rights, but we'll focus on the GDPR & UK Data Protection Act 2018 rights because they are the foundation for most other data privacy legislation. They are as follows:
    • The right to be informed about personal data collection and usage. If you gathered it yourself, you must tell the data subject at the time of collection.
    • The right to inspect personal data and learn how it is used. This is the most prevalent type of DSAR, and it is for this reason that DSARs are also known as access requests.
    • The right to have erroneous or incomplete personal data corrected. The company has one month to comply if an individual demands correction (verbally or in writing).
    • The ability to delete data. This provision, often known as the right to be forgotten, allows data subjects to request that you delete their personal data within 30 days.
    • The ability to limit the processing of personal data. You must cease processing a data subject's data under this request, but you may continue to keep it.
    • Data portability is a legal right. Data subjects must be able to simply, safely, and securely transfer their data from one platform to another.
    • The ability to object. Data subjects have the right to object to the use of their information for marketing, sales, or non-service-related activities. In general, you must comply with this request, but there are certain exceptions, such as if the processing is for the public good.
    • The right to object to machine learning and profiling. Data subjects have the right to object to wholly automated choices regarding their data, including profiling, that might have a legal or similarly substantial impact on them.

Data holder (the company you address this DSAR to)

Data subject (you)

What happens next?

  1. Once you confirm the DSAR by clicking the confirmation link in your mailbox, you will receive a link to verify your identity (securely executed by our partner ComplyCube).
  2. Once your identity is confirmed, your request is immediately forwarded to the Data Protection Officer (DPO) / GDPR Owner of the data holder, who will ensure that the requested data is collected within the specified timeframe. 
  3. You will be asked to provide legal proof of identity.
  4. The Data Protection Officer (DPO) / GDPR Owner of the data holder reviews all documents that have been provided to identify whether any third parties are present in them, and either removes the identifying third party information from the documentation or obtains written consent from the third party for their identity to be revealed.
  5. Within the legal timeframe you will be notified of the finalisation of the DSAR; the request will be closed and kept on record for 3 years from closure of the DSAR.

Collection entails:

    1. Collecting the data specified by the data subject.
    2. Searching all databases and relevant filing systems (physical and electronic) in the data holder's possession, including all backup and archived files, and all email folders and archives.
    3. Maintaining a data map of where all the data is stored.