Data subject rights

Copyright © 2025 LexisNexis

The UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to processing and rights relating to automated decision making, including profiling, with strict time limits for complying.

Right of access

Data subject access requests (also called DSARs) are relatively common and are seen as the gateway right, enabling data subjects to exercise other rights such as the right to rectification or erasure. They can be particularly onerous for businesses.

Article 15 of the UK GDPR entitles data subjects to:

  1. confirmation of whether their personal data is being processed

  2. access to the personal data that is being processed

  3. receive additional information, broadly commensurate with the information required to be provided in your privacy notice

  4. a copy of the personal data in question

The UK GDPR sets out mandatory categories of information which must be supplied in connection with a data subject access request. See Practice Note: Data subject rights—access—Information requirements.

In

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

From Russia with love? UK lawyers mull sanctions U-turn

Law360, London: Finance companies are enlisting white-collar lawyers to draw up plans for tapping back into Russia if the US breaks with its Western allies and eases sanctions, although experts warn that unpredictable political winds mean there are as many risks as opportunities.

UK needs modern sanctions rules, ex-Lord Chancellor warns

Law360, London: The UK's sanctions regime is increasingly unfit for purpose and must reform to tackle new complex forms of aggression, such as cyberattacks and economic sabotage, the former Lord Chancellor urged on 5 June 2025.

UK Data (Use and Access) Bill facing collapse risk over Parliament’s AI copyright challenge

MLex: The UK’s Data (Use and Access) Bill faces increasing risk of collapse after the House of Lords again pushed forward an amendment to include in it protections for rights holders over their works being scraped for AI training. The House of Lords lawmaker who brought the amendment, which calls on the government to bring dedicated draft legislation on the issue, said their intent was not to kill the Bill but to push the government to respond by proposing its own amendment.

Lloyd's broker faces 2027 trial over US$3m bribery scheme

Law360, London: A Lloyd's of London broker is scheduled to stand trial in 2027 over allegations it failed to prevent its associates in the US from bribing an Ecuadorian official in exchange for lucrative reinsurance contracts worth US$38m.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a
Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a