This guidance discusses the right of access in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply the right of access in practice. It is aimed at data protection officers (DPOs) and those with specific data protection responsibilities in larger organisations. Guidance tailored towards small organisations can be found in our data protection advice for small organisations. This guidance does not specifically cover the right of access under Parts 3 and 4 of the Data Protection Act 2018. However, some of the guidance contains practical examples and advice which will still be relevant.
If you haven’t yet read the ‘in brief’ page on the right of access in the Guide to Data Protection, you should read that first. It introduces this topic and sets out the key points you need to know, along with practical checklists to help you comply.
- What is the right of access?
- How should we prepare?
- How do we recognise a subject access request (SAR)?
- What should we consider when responding to a request?
- How do we find and retrieve the relevant information?
- How should we supply information to the requester?
- When can we refuse to comply with a request?
- What should we do if the request involves information about other individuals?
- What other exemptions are there?
- Are there any special cases?
- Health data
- Education data
- Social work data
- Can the right of access be enforced?
- Can we force an individual to make a SAR?