Explains your rights to see and have copies of your personal information, and how to complain if access to your records is refused or if what is written about you is wrong.
There are various reasons why your request for your personal information might be unsuccessful. This page covers what you can do if:
You should always receive a response of some kind to a subject access request (SAR). Even if the organisation holds no information about you, or it has a reason to withhold your information from you, it must still write to you and explain that this is the case.
If more than one calendar month has passed since you made your request and you've not heard anything back, you should take these steps in the following order:
If they don't provide what you asked for, you should write back to the organisation explaining what you think is missing. You should be as specific as possible about the missing information.
To help you write it out, you can use the template letter on the ICO website.
If you aren't happy with the organisation's response, and you still believe that it has failed to share all of the information you asked for, you can complain to the ICO.
The ICO might receive many reports from different individuals about a particular organisation’s failure to meet the one-month time limit. In this case, they may take action against the organisation for failing to meet its obligations under UK GDPR.
Find out more on the ICO website about the ways it ensures organisations meet their obligations.
Under UK GDPR you have a right to 'rectification' of your records. This means that if something in your records is wrong, you can ask to have it corrected. Your request doesn’t need to be in writing, but it may be helpful if it is.
The organisation has one month to respond to your request. If they think your request is manifestly unfounded or excessive, they may charge you a fee or refuse your request.
But there is a difference between information that is wrong and information that you disagree with.
Information that is wrong could include an incorrect record of your birthdate or the medication that you have been prescribed.
However, if you disagree with a medical opinion in your health records:
These regulations tell organisations how they can use your personal information. They also give you rights to access and correct personal information held about you.Visit our full listing of Legal Terms
This information was published in November 2021. We will revise it in 2024.
References are available on request. If you would like to reproduce any of this information, see our page on permissions and licensing.