Table of Contents

What is a Data Access Request Form?

A Data Access Request Form is a legal document that allows access to personal information stored by your company. A Data Access Request Form allows personnel responsible for data privacy to record a request made under GDPR and other privacy laws to access their personal data held by your company or have their personal data rectified.

How do I request the right to data access?

The GDPR has not set any process to request access. But you can generally follow these bits of advice. Written Request You can send a written request via email or letter. While sending an email or letter, you should mention it is an access request so that both the data collector and you will have a record in case any problem arises later. The DPC provides the template for access requests that you can follow accordingly. Specific You should be as specific as possible in relation to the personal data that you wish to access. In this process, you might be asked to provide your additional identification for evidence, so that your personal information is not provided to the wrong person. Contact Data Protector Officer (DPO) Many large companies have a Data Protector Officer (DPO). You should find the relevant officer who can help you with your request for information. You will get the contact details in the contact us or privacy policy section of the organization’s website. If there are no individual email addresses for a data access request, you will have to use the general contact details of the organization.

Do you have to pay for a Data Access Request?

You should not be required to pay a fee for making an access request. However, in very limited circumstances where the access request is considered ‘manifestly unfounded or excessive,’ the controller can charge a reasonable fee for the administrative costs of providing the information requested. Controllers can also charge a fee based on administrative costs if you ask for additional copies of the information.

Can we refuse an access request?

Yes, you can refuse an access request wholly or partly. However, remember that not all exemptions apply in the same way.  You should check to see how it applies to a particular request.

How soon is data access provided when requested?

The organization you’re dealing with must respond as soon as possible. This must be at least within 1 month of the request starting from the day they receive your request. But if the organization needs some information about you such as ID documents, the request time will start the day they’ve received the documents. If the request is complex or you make more than one the response time may extend for 2 months. However, the reason for the extension is provided with an explanation within the initial one-month period. Usually, the controller should respond to your access request in the same way the request was made, or in the way in which you specifically asked. Such as if you make the request electronically (email) the data controller should provide the information electronically unless you request otherwise.

What is included in the DSAR response?

Depending upon the case, A DSAR usually requests complete detailed personal information on a subject but at times, there could be a request for just specific details. There is an obligation to provide whatever information is requested by the subject. This can oftentimes include the following:

* Confirmation of processing personal data.
* Access to personal information.
* Your legal basis for processing their data.
* The period for which their data will be stored by you. This could include the condition that will determine it.
* Relevant information about how data was obtained.
* Relevant information about the decision-making and profiling.
* The names of third parties with whom you’ll share their information.

You should keep all of a subject’s personal information in a convenient place so it is easier to pull information from multiple sources and generate a DSAR response.


A Data Access Request Form allows you to get access to your information from the controller. And while your request for data access the information must be relevant and authentic. Besides, you’ll not be charged unless the request is considered ‘manifestly unfounded or excessive.

You Might Also Like

Along with this document, make sure you see these other templates in our library:

Stay compliant with the Zegal template library

Zegal legal template are meticulously crafted with the precision of AI and the expertise of seasoned human lawyers, providing a unique blend of speed and reliability.

You can trust that Zegal agreements are legally sound and fully compliant with current regulations.

Whether you're a startupSME, or a larger enterprise, Zegal contract management will automate and speed up your legal processes.

Using Zegal will reduce risk, save money, and improve efficiency. Let us take care of the paperwork so you can focus on running your business.

Don’t compromise on speed or compliance. Stay secure, compliant, and efficient with Zegal.

“Love the new flow/design, very quick and easy to use now. I have done 2 or 3 customer contracts in a flash over the past 2 days.”

Get Started