Policies

Data Subject Access Request Policy

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, together with supplementary information explaining how and why that data is processed. The right applies only to personal data relating to the individual making the request.

The right of access does not provide a right to obtain internal documents, correspondence, legal analysis, draft materials, risk assessments, or decision-making processes unless such material constitutes personal data and is not subject to an exemption.

A Data Subject Access Request may be made verbally or in writing. A request is valid where it is clear that the individual is asking for access to their own personal data. The requester does not need to refer to legislation or use specific wording.

A DSAR may be made by a third party acting on the individual’s behalf, such as a solicitor or representative. In such cases, we will require written authority confirming that the third party is entitled to act for the individual before the request is processed.

We will respond to a Data Subject Access Request without undue delay and in any event within one month of receipt. Where a request is complex or multiple requests are received, this period may be extended by up to a further two months in accordance with the UK GDPR.

In fulfilling a Data Subject Access Request, we will carry out a reasonable and proportionate search for personal data relating to the requester. The scope of any search will be appropriate to the nature of the request and consistent with the requirements of the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

Where a request is broad, unclear, or lacks sufficient detail, we may ask the requester to clarify the scope of their request or to specify the particular information or processing activities sought. The statutory response period is paused until such clarification is received.

Where reasonably possible, we will provide any supplementary information that can be identified within the original timeframe, such as general information about processing purposes, data categories, or retention periods.

We are entitled to verify the identity of the requester, or the authority of any representative acting on their behalf. Where verification is required, the response period begins once satisfactory identification has been received.

Data Subject Access Requests are normally processed free of charge. However, we may charge a reasonable fee or refuse to act where a request is manifestly unfounded or excessive, including where it is repetitive, abusive, or intended to disrupt lawful activities.

Disclosure under a Data Subject Access Request is subject to exemptions and restrictions set out in the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025. We may withhold or redact information where disclosure would be unlawful or inappropriate.

• Legal professional privilege or legal advice
• Ongoing or contemplated legal proceedings
• Crime, taxation, enforcement, or regulatory activity
• Internal management forecasting or planning
• Third-party personal data
• Internal deliberations, opinions, or working notes

We may use automated or AI-assisted software tools as general research, drafting, or productivity aids. These tools are not used as decision-makers and do not form part of our formal case records or decision rationale.

Personal data is not intentionally entered into such systems, and outputs are not retained as part of any official file. Accordingly, AI prompts, transient outputs, and internal drafting assistance do not ordinarily constitute personal data held by us for the purposes of a Data Subject Access Request.

If you are dissatisfied with our handling of your Data Subject Access Request or any related data protection matter, you may raise a complaint with us directly. Complaints will be acknowledged within 30 days and investigated without undue delay.

Further details are available in our complaints procedure, or you may contact us at Help@ukbailiffs.org.

Last reviewed: January 2026