Data subject rights

Copyright © 2025 LexisNexis

The UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, Rights of data portability, and a right of data subjects, with strict time limits for complying.

Right of access

Data subject access requests (also called DSARs) are relatively common and are seen as the gateway right, enabling data subjects to exercise other rights such as the right to rectification or erasure. They can be particularly onerous for businesses.

Article 15 of the UK GDPR entitles data subjects to:

  1. confirmation of whether their personal data is being processed

  2. access to the personal data that is being processed

  3. receive additional information, broadly commensurate with the information required to be provided in your privacy notice

  4. a copy of the personal data in question

The UK GDPR sets out mandatory categories of information which must be supplied in connection with a data subject access request. See Practice Note: Rights of data subjects—Right of access (Article 15 of the UK GDPR).

In

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

OFSI amends General licence INT/2025/5635700 and General Licence INT/2022/2470156

The Office of Financial Sanctions Implementation (OFSI) has announced amendments to two general licences. The changes affect Licence INT/2025/5635700 and Licence INT/2022/2470156, both of which relate to Russian sanctions implementation. The amendments modify existing permissions regarding oil price caps and exempt projects.

Sanctioned company director convicted of failing to give information

Law360, London: A sanctioned company director was convicted in a criminal court in London on 25 June 2025 of failing to adequately respond to a request for information by the UK's sanctions agency.

FCDO issues new Russia sanctions guidance for non-UK businesses

The Foreign, Commonwealth & Development Office (FCDO) has published new guides on UK Russia sanctions compliance for non-UK businesses operating outside the UK. The guides include general compliance principles and country-specific guidance for businesses in Kazakhstan, Uzbekistan, Kyrgyzstan, Georgia and Armenia. The materials aim to help foreign businesses understand UK sanctions requirements and implement risk management procedures.

OFSI issues new guidance on confidential sanctions breach reporting

The Office of Financial Sanctions Implementation (OFSI) has published guidance establishing a new confidential reporting process for suspected UK sanctions breaches. The guidance outlines reporting procedures via a dedicated email address, whistleblower protections under the Employment Rights Act 1996 (ERA 1996) and explains how OFSI handles confidential information. While OFSI may share reported information with law enforcement agencies, it commits to protecting reporter identities unless legally required to disclose them. The guidance includes specific privacy protection recommendations for those making reports.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a
Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a