It’s your right
Under the law, you have the right to ask any company, including current or former employers, what information they hold about you, in any form - electronic, paper or otherwise. And of course, you also have the right to ask for your personal data to be deleted. Rightly can help you do that, quickly, easily and for free.
You may even have a pension held with an ex-employer and you have a right to know where it is and how much it’s worth. Click below to find out more.
Some common questions
How do I send a subject access request (SAR)?
The easiest way to find out what information an organisation has on you, is by sending a request through Rightly:
- Search for any company
- Enter your basic details so that they can confirm your identity
- Check your email and send your request
What can you expect after you send your request?
Your request simply connects you to all of the companies you select. They’ll link you to their own forms and processes for you to complete. Only your name and email address is required to send these requests, but companies will likely ask you for more information to make sure you're you.
They should confirm what personal information of yours they have within 30 days.
So I don't need a subject access request template?
No - they tend to be of varying quality and take a lot of effort. That's why we made Rightly, so that things can be as safe and time-effective as possible for you to have more control over your data.
How long until a company responds to my request?
After the company has received your request, they have to reply in full within 30 days, or give a valid reason for asking for an extension. However, we're glad to say that most companies normally reply within a week.
Responses from companies are likely to come directly into your inbox.
If you have any questions, or have any difficulty at all with how companies respond, our friendly support team is here to help!
What if they don't reply?
They have to reply by law. You can ask any company if they have your personal data, even if you don't know for sure whether or not they have it. They have to tell you what they have, as well as how and why they are using it. This is thanks to your ‘right of access’ under GDPR law.
How long can a company store my data for?
There is no specific time limit on how long a company can hold your personal data. Under GDPR, your information should simply not be kept for any longer than necessary.
While a company should be able to justify the length of time that your data is stored, whether or not this is acceptable depends on what the data was collected for in the first place.
For instance, a company can keep hold of employment contract data for a total of 6 years since this is the window of time in which a contract breach claim could be made.
However, when it comes to job applicant CVs for example, these can only be stored for a maximum of 6 months, based on this being the length of time in which a candidate could file a discrimination claim.