Hacer una solicitud de acceso a datos personales
Cómo solicitar una copia de los datos personales que una organización tiene sobre usted.
Visión general
Under Article 15 of the UK GDPR, you have the right to obtain confirmation of whether an organisation is processing your personal data and, if so, to receive a copy of that data. This is known as a Subject Access Request (SAR) or Data Subject Access Request (DSAR). Organisations must respond within one calendar month. The request is free.
Proceso paso a paso
Identify the Organisation
Determine which organisation holds your data. This could be your employer, bank, GP, school, social media platform, or any organisation that processes your personal data.
Write Your Request
Send a written request (email or letter) asking for a copy of all personal data held about you. You do not need to use any specific form or mention the UK GDPR, but it helps to be clear. Include enough information to identify yourself (name, account number, etc.).
Organisation Must Respond
The organisation must respond within one calendar month of receiving your request. They can extend this by two further months for complex requests, but must tell you within the first month.
Review the Response
Check the data provided is complete. You should receive a copy of your personal data, information about the purposes of processing, who the data has been shared with, and how long it will be kept.
Complain to the ICO if Unsatisfied
If the organisation fails to respond, provides an incomplete response, or refuses without valid reason, you can complain to the Information Commissioner's Office (ICO) for free.
Costes
Advertencias importantes
Organisations can refuse or charge a reasonable fee for requests that are 'manifestly unfounded or excessive'.
Some data may be exempt from disclosure (e.g., legal professional privilege, crime prevention).