The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.
The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.
SAR (Subject Access Request)
Right of access to personal data (section 7 of the Act).
There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.
Here is a letter to be used when requesting your personal information from a bank or any company
You can find the correct address https://ico.org.uk/esdwebpages/search
The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.
SAR (Subject Access Request)
Right of access to personal data (section 7 of the Act).
There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.
Here is a letter to be used when requesting your personal information from a bank or any company
Dear Sir/Madam
ACCOUNT NUMBER(s): xxxxxxxxx (or multiple numbers if more than one account)
If there is specific information which you require in order to satisfy yourself as to my identity, please let me know promptly. However, please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.
I would be happy to prove my identity or collect any documents at my local branch.
Yours faithfully,
(signature)
(name)
ACCOUNT NUMBER(s): xxxxxxxxx (or multiple numbers if more than one account)
- I formally request that you forward me a true record of any Data held by your organisation relating to myself for the complete term of the account(s).
- I am also aware this request should include any Data held for more than 6 years as under the Data Protection Act there is no time limit for information requested.
- If you do not hold Data for a period longer than 6 years I also request confirmation of this in writing along with your methods used for disposal of such information to comply with the Data Protection Act stating the name and contact information of your registered Data Controller and Code Compliance Officer.
- Additionally, where there has been any event in my account history over this period which has required manual intervention by any member of your staff, or any other person, I require disclosure of any indication or notes which have either caused or resulted in that manual intervention, or other evidence of that manual intervention in relation to my business with you.If you are unable to supply this data because there has been no such manual intervention, then please be so kind as to confirm this in your writing.
If there is specific information which you require in order to satisfy yourself as to my identity, please let me know promptly. However, please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.
I would be happy to prove my identity or collect any documents at my local branch.
Yours faithfully,
(signature)
(name)
Comment