Under the General Data Protection Regulation (GDPR), you have a right to access any personal data from a company or organisation that is held about you.
Personal data, speaking in general terms, can be any data that relates to you or has the potential to identify you as an individual. Examples of personal data include your name, date of birth, address, contact details, CCTV footage, audio recordings, and more.
So, assuming that you want to access such personal data to see what information an organisation holds on you, how do you go about doing that?
Although there is no set way to go about this process, below we have listed 5 general rules of thumb that you should follow to successfully obtain the personal data that you are seeking.
1. Make a formal request in writing
Either by email or letter, send a formal request to the organisation in question to request access to your information. This process is known as ‘making an access request’, or alternatively referred to as a ‘data subject access request’.
2. Be specific in your request
The more detail you can provide in relation to your access request, the less time it will take to receive the information that you are looking for. Be sure to also specify whether you would like the information to be sent to you electronically or as a hard copy.
3. Contact the relevant Data Protection Officer (DPO)
Most companies/organisations will have appointed a specific DPO to handle data subject access requests, whose details should be listed and easily found on the organisation’s website.
If these contact details are not readily available, you should use the organisation’s general contact information.
4. Send proof of your identify
A DPO will not be able to provide you with the personal information that you are looking for if you are unable to prove who you are. It may also be the case that the organisation has multiple people on file with the same first and last name as you.
You should therefore be sure to provide identifying, additional information about you to the DPO to avoid unnecessary confusion and/or complications.
5. Wait
The DPO must respond to your request within one month of you submitting it.
In cases where the request may be complex, the DPO can extend the deadline by two months. However, you must still receive a written explanation for any potential extension that may occur within the initial one-month period.
*In contentious business, a solicitor may not calculate fees or other charges as a percentage or proportion of any award or settlement.*