Subject Access Request Data Protection Act - How to get your information.

**Amethyst** · 19th May 2007, 15:09:PM

Guide to the Data Protection Act & Non Compliance

The Data Protection act should be quite simple - it basically entitles an INDIVIDUAL to have access to any information directly relating to them, held by a company.

If you have sent the above letter or similar with the required fee then;

When you can take further action.

If you have:

* Asked your bank/credit company for the information held about you under the Data Protection Act.
* Paid the fee (if required),
* Waited for more than 40 days

and you have not received any response from them, we recommend that you contact them again to find out why using the non compliance letter below

If their response to your further enquiry is unsatisfactory then you can make a data protection complaint using the data protection complaint form.

When you send the Information Commissioners Office your form you must also send:

* a copy of your Subject Acces Request letter,
* confirmation of when your letter was received, and you cheque/postal order cashed.

**Amethyst** · 21st May 2007, 12:03:PM

Letter for DPA non compliance - when you wish to force compliance through the courts

Your Name
Address

Date

Banks Data Controller Name
Address

Dear Sir / Name

Section 7 - Data Protection Act Subject Access Request
Account: xxxxxxxx

I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum Â£10 fee, to XXXXXX Bank on XX/XX/XXXX.

You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

As of XX/XX/XXXX I have not received any/complete information from you.

If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall apply to the County Court for an order to enforce compliance, together with damages at the discretion of the court.

Yours faithfully,

[name]

**Amethyst** · 21st May 2007, 13:06:PM

Letter if you only wish to complain to the ICO for the moment

Your name
Your Address

Date

Bank Data Controller Name
Address

Dear Sir / Name

Section 7 - Data Protection Act Subject Access Request
Account: xxxxxxxx

I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum Â£10 fee, to XXXXXX Bank on XX/XX/XXXX.

You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

As of XX/XX/XXXX I have not received any/complete information from you.

If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall enter a complaint to the Information Commissioner.

Yours faithfully

NAME

Complaint to the ICO - Complaint form in PDF available HERE
This page holds information regarding your entitlement to information specifically related to unfair bank charging LOOK HERE

**Amethyst** · 21st May 2007, 13:15:PM

Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

Do not let the clerks give you any other forms to complete. This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.

Particulars of Claim for DPA non compliance

1. The Defendant is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Claimant is a Subject.

2. The Claimant has an account number xxxxxxxx ("the Account") with the Defendant which was opened on or around (date)

3. On (date) the Claimant sent a Subject Access Request, pursuant to Section 7 of the Data Protection Act 1998 to the Defendant.

4. The Defendant has failed to comply.

5. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered damage.

6. The damage caused is:

Extra costs incurred in addition to court costs, due to the Defendants failure to comply - this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice, I estimate this cost to be Â£XX (a reasonable cost would be between Â£25 and Â£35)

7. The Claimant seeks an order that the Defendant do comply with the Claimant's Subject Access Request

8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Defendant contests that information requested under the Claimant's Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Claimant requests that the Court inspects that information, and where it finds that the Defendant's opinion is unfounded, that it orders such information be included within the information supplied to the Claimant under the Subject Access Request.

9. Damages and costs within the discretion of the Court.

**Amethyst** · 28th May 2007, 12:47:PM

Other examples of DPA letters used;

Tools v MBNA ** SETTLED**

**Junaid30** · 21st December 2013, 03:44:AM

Re: Subject Access Request Data Protection Act - How to get your information.

You certainly know how to keep a reader entertained. I really enjoyed what you had to say.it according to my need and demand.

**Krell357** · 17th December 2014, 06:23:AM

Re: Subject Access Request Data Protection Act - How to get your information.

__________________________________
http://www.vitamixrecipes.org/collar...-soy-smoothie/

**Mrweb** · 9th February 2015, 11:43:AM

Re: Subject Access Request Data Protection Act - How to get your information.

Originally posted by Tools View Post

The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

SAR (Subject Access Request)
Right of access to personal data (section 7 of the Act).
There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.

Here is a letter to be used when requesting your personal information from a bank or any company

You will find a list of addresses here

http://www.legalbeagles.info/forums/showthread.php?t=21

hi everyone, very helpfull on here to a point, but when I click the link above to access the addresses available for particular banks I'm told I can't access due to lack of privileges, I was informed that this was a free site after only 3 minutes of registering I'm being asked to upgrade? Please help is it me or do I have to pay for certain info

**Kati** · 9th February 2015, 12:09:PM

Re: Subject Access Request Data Protection Act - How to get your information.

I'll see what I can figure out [MENTION=61725]Mrweb[/MENTION] ... it may be a 'broken link' or something

Rest assured ... access to the site is free, the upgrade to VIP merely affords those users who desire it extra privacy (threads are not searchable online etc...) there is no information that could be needed by most people inaccessible to non-vip's

Kati x

**Tools** · 9th February 2015, 12:16:PM

Re: Subject Access Request Data Protection Act - How to get your information.

That post has been archived as many of the addresses & contact details were outdated. Is there a particular detail you are looking for MrWeb?

**Amethyst** · 9th February 2015, 12:37:PM

Re: Subject Access Request Data Protection Act - How to get your information.

Hi, Yes it is a broken link as the post it pointed to was from 2007 and some of the addresses were obsolete. I'll remove the link and point it to the Data Protection Register as that contains the correct up to date details for each bank for the moment while I sort out a new directory for the informantion.

https://ico.org.uk/esdwebpages/search

eg. Lloyds Bank

Registration Number: Z7107034

Date Registered: 26 September 2002 Registration Expires: 25 September 2015

Data Controller: Lloyds Banking Group PLC
Address:

The Mound
Edinburgh
EH1 1YZ

**daytona77** · 22nd June 2016, 12:01:PM

Re: Subject Access Request Data Protection Act - How to get your information.

Originally posted by Amethyst View Post

Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

Do not let the clerks give you any other forms to complete. This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.

Particulars of Claim for DPA non compliance

The entity that process my data have confirmed to the ICO that they do not hold or process my data. This is in spite of court evidence that proves otherwise.

I therefore need to make an application to the Court for the matter to be heard and the judge to decide to order my data is yielded by the entity concerned.

The thread here is from 2007 so has anything changed?

Is it a straightforward claim lodged with the Court under form N1 at a cost of £280?

As previously stated here, the court staff seem baffled with " subject access data" so does anyone know of any such cases / cost / which courts please?

Many thanks

**whiterabbit** · 5th October 2017, 18:26:PM

Re: Subject Access Request Data Protection Act - How to get your information.

hey I have 2 questions about this.

1) I thought you had to give 14 days notice before court action in small claims not 7?
2) You mention you can claim damages and costs within the discretion of the court. Would this not bring it out of the small claims court and into the more expensive high court? As for example if you lost a tribunal case because of a companies failure to respond to a SAR request and you wanted to claim damages would in this situation it still stay in the small claims or escalate?

For example in the case of 'Dawson-Damer v Taylor Wessing LLP

She did the process in the high court as opposed to small claims, why is this?

see link here: https://www.burges-salmon.com/news-a...urt-of-appeal/

Subject Access Request Data Protection Act - How to get your information.

Subject Access Request Data Protection Act - How to get your information.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Announcement

Court Claim ?