Subject Access Request Policy

All your company policies and legal agreements in one platform

What is a Subject Access Request Policy?

Meet your GDPR obligations and have a clear policy and process in place to handle subject access requests (SAR). A SAR is a request made by or on behalf of an individual for the information a company holds on them. This is required under Article 15 of the UK GDPR and EU GDPR.

The GDPR does not set out formal requirements for a valid request, it just needs to be clear that the individual is asking for their own personal data. This presents a challenge as any of your employees could receive a valid request and you have a legal responsibility to identify and handle any request from an individual correctly.

Why is a Subject Access Request Policy important?

Developing a policy and designing a subject access form that individuals can complete and submit to you electronically can make it easier for your company to manage requests.

This policy helps to inform staff about their duties and the procedures that must be undertaken when a SAR is received.

Should I use a Subject Access Request Policy template?

Even though templates can be really helpful to create policies for your company, they are not the perfect solution. Templates are standard documents that do not reflect your company’s peculiarities. Instead of using a Subject Access Request Policy template, our recommendation is to create a custom policy completely adapted to your company’s needs. The Adoptech platform allows you to create over 70 bespoke policies in seconds.

Subject Access Request Policy Sections

Making a request

Timescales for a response

The fees that will be charged

Information that will be shared

Governance of the policy

Subject Access Request Policy GDPR Related

Note that once the Brexit transition period has ended, the “GDPR” will be retained in UK law and will continue to be read alongside the DPA, minor changes will be made to ensure it can function in UK law. The EU will then make an ‘adequacy decision’ on the standard of safety that UK data protection laws provide. 

Related terms: Subject Access Request Policy GDPR, Request Policy, Data Access Request Policy

Create your Subject Access Request Policy now

Simply register for free and create your custom policy within minutes.

The Subject Access Request Policy is part of the BUILD plan

How does it work?

Select a policy from our library of over 70 policies

Answer simple questions

Our platform generates your bespoke policy

Sign-off and share in seconds

Always aligned with the latest legislation ISO and GDPR Compliance

Need more Policies, Agreements or Certifications?

We do the heavy-lifting for you

Adoptech is a single platform that provides a full suite of products.

InfoSec Policies


Compliance Policies


Data Protection

Legal Agreements

ISO 27001 Certification

Some of the companies trusting Adoptech