The rules on subject access requests changed under the GDPR.

The right of access, commonly known as subject access, allows employees to make a request to access personal data that is held by their employer.

In brief, employers need to provide the employee with confirmation of whether or not personal data is being processed. They provide them with a copy of their personal data. In addition, they should be provided with further details, such as the purpose of the processing, the categories of personal data concerned and with whom the data may have been shared.

From an employer’s perspective, receiving a subject access request can be time-consuming, costly and inconvenient. Unfortunately, it is like going to the dentist, it needs to be done!

How should employees make subject access requests to their employer?

The GDPR does not specify the way in which requests must be made, so requests may be made verbally or in writing.  Some employers may choose to provide a paper or online form for employees to make a request. But remember that even if you have such a form, employees are within their rights to send in a request by some other means. This may be in person or by sending a letter or email.  

Just because the employee’s written request does not include an explicit reference to the GDPR or the words ‘subject access request’ does not mean it is not valid and the request shouldn’t be dealt with.

Can employers charge a fee to deal with a subject access request?

Before the GDPR was introduced, employers could charge up to £10 to deal with the request. However, now employers cannot charge a fee unless the request is ‘manifestly unfounded or excessive’ or if the employee asks for additional copies (i.e. you have already given them a free copy). The fee should only be to cover the administrative costs of providing this information.

How long do employers have to deal with requests?

Employers are required to deal with subject access requests within one month of receiving it. This can be extended by two months where the request is complex and numerous.

Employers can often find it difficult to comply with the request in this timeframe. So it is essential to get started with locating the information as early as possible.

Do employers need to explain the data?

The information provided to the employee must be in a concise, transparent, intelligible and easily accessible form. It should also use clear and plain language.

Got some more questions?

The ICO have detailed guidance on about subject access requests here. In addition, they have a helpline, details of which are here.

Find what you were looking for?

Our FREE resources library contains over 200 searchable blogs, guides and templates focused around Employment Law and Health & Safety issues that employers face on a day-to-day basis.

Get your FREE download

We combine the service quality of a law firm with the certainty of fixed-fee services to provide expert, solutions-focused Employment LawHR and Health & Safety support tailored to employers.

Call us on 0345 226 8393.

Get your FREE download

We combine the service quality of a law firm with the certainty of fixed-fee services to provide expert, solutions-focused Employment LawHR and Health & Safety support tailored to employers.

Call us on 0345 226 8393.

Before you go…

We can help with that HR problem or health and safety query. If you’re an employer, leave your details below and our team will call you back.

Register your interest

Submit your details and one of our team will be in touch.

Get your FREE consultation

Submit your details and one of our team will be in touch.

Download your FREE guide

Submit your details below.

Request a callback

Submit your details and one of our team will be in touch.

Need some help?

Call our team now on:

01244 668 182

Request a Callback

Submit your details and one of our team will be in touch.

Request a Callback
Hi, how can we help?
Click the button below to chat to an expert.

Get your FREE consultation

Submit your details and one of our team will be in touch.