188体育

A 鈥楽ubject Access Request鈥� (SAR)聽is a request made by or on behalf of an individual for their personal聽information, which they are entitled to ask for under Article 15 of the UK聽GDPR.

An individual can make a SAR verbally or in writing, including by social media. They can make it to any part of an organisation, including HMRC, and they do not have to direct it to a specific person or contact point.

A request does not have to include the phrases 'subject access request', 鈥榬ight of access鈥� or 鈥楢rticle 15 of the UK聽GDPR鈥�. It just needs to be clear that the individual is asking for their own personal data.

SARs must be responded to within one month of receiving the request.听聽

People often quote the 'Freedom of Information Act' (see IDG40150) when requesting their personal information held by an organisation. This type of request is actually a SAR and should be dealt with under the GDPR聽rather than as Freedom of Information requests.

Further Information

For further guidance on SARS, including what to do if you receive a SAR, please consult the GDPR intranet pages.听