Data subject rights

Data subject rights

The UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, Rights of data portability, and a right of data subjects, with strict time limits for complying.

Right of access

Data subject access requests (also called DSARs) are relatively common and are seen as the gateway right, enabling data subjects to exercise other rights such as the right to rectification or erasure. They can be particularly onerous for businesses.

Article 15 of the UK GDPR entitles data subjects to:

•
confirmation of whether their personal data is being processed
•
access to the personal data that is being processed
•
receive additional information, broadly commensurate with the information required to be provided in your privacy notice
•
a copy of the personal data in question

The UK GDPR sets out mandatory categories of information which must be supplied in connection with a data subject access request. See Practice Note: Rights of data subjects—Right of access (Article 15 of the UK GDPR).

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Risk & Compliance News

FCDO announces reduction in Russian crude Oil Price Cap mechanism

The Foreign, Commonwealth & Development Office (FCDO) has announced that the UK and EU will reduce the Russian crude oil price cap from $60 to $47.60 per barrel, effective 2 September 2025. The measure maintains existing caps on refined products. A 45-day wind-down period until 17 October 2025 applies to trades contracted before the implementation date that comply with the current $60 cap. The action modifies the December 2022 price cap mechanism that prohibits G7 companies from providing shipping and insurance services for Russian oil sold above the cap price.

NCA publishes system priorities for tackling economic crime in 2025

The National Crime Agency (NCA) has published its system priorities for tackling economic crime in 2025. The document outlines nine equal-priority areas including money laundering, international fraud, criminal cash movement, money mule exploitation and crypto-asset abuse. The priorities aim to help the regulated sector allocate resources effectively while maintaining regulatory compliance. The document estimates £12bn in criminal proceeds are generated annually in the UK, primarily from drugs and excise fraud.

FCDO announces sanctions against Russian GRU units and officers for cyber attacks

The Foreign, Commonwealth and Development Office (FCDO) has imposed sanctions on three units of Russia's Main Intelligence Directorate (GRU) and 18 military intelligence officers. The measures target units responsible for cyber operations against UK infrastructure and the 2022 Mariupol Theatre bombing. The sanctions package includes restrictions on GRU Unit 26165, which conducted reconnaissance for missile strikes, and officers linked to the 2018 Salisbury poisonings. Additional sanctions target three leaders of 'African Initiative' for conducting Russian-backed disinformation campaigns in West Africa.