Data Subject Rights | Subject Access Request (DSAR)

Responding to Data Subject Requests: Timelines and Exceptions

ByPrivacyiQ 7 July 20256 July 2025

Companies must respond to GDPR rights requests within strict timeframes. Here’s what counts as a valid request — and when deadlines can be extended.

The default timeline to respond to data subject rights requests (access, erasure, objection, etc.) is one calendar month.

You may extend this by two months if the request is:

Complex
One of many from the same person

But — you must notify the individual of the delay within the first month, explaining the reason.

💡 Tip:

Set up automated calendar reminders for all DSARs. Missing deadlines is one of the top reasons for ICO complaints.

Data Subject Rights | Right to Restriction

The Right to Restrict Processing: What It Means in Practice

ByPrivacyiQ 28 June 202527 June 2025

Under Article 18 of the UK GDPR, individuals can limit how their data is used. Here’s when and how restriction applies Article 18 of the UK GDPR gives people the right to restrict how their data is used in specific scenarios, such as: During restriction, you may store data but not use it. You must…

Data Subject Rights | Right to Object

1 of 5: Understanding the Right to Object Under UK GDPR (Article 21)

ByPrivacyiQ 17 July 202517 July 2025

The UK GDPR grants individuals the right to object to certain types of data processing. Learn what Article 21 means for your company and how to stay compliant. Companies today rely on data to drive decision-making, marketing, and operational efficiency. But under the UK General Data Protection Regulation (UK GDPR), individuals have the right to…

Data Subject Rights | Right to Object

2 of 5: How to Handle Objections to Direct Marketing Under UK GDPR

ByPrivacyiQ 18 July 202517 July 2025

Under Article 21 of UK GDPR, individuals can object to direct marketing at any time. Learn how your company must respond — and what compliance looks like in practice. Marketing teams rely on data to reach the right audience — but under Article 21 of the UK GDPR, individuals have an absolute right to object…

A young woman skillfully sandboards down a vast desert dune under a clear sky, showcasing adventure and thrill.

Data Subject Rights | Subject Access Request (DSAR)

Understanding the Right of Access: What Your Company Needs to Know

ByPrivacyiQ 27 June 2025

The UK GDPR gives individuals the right to access their personal data. Here’s what companies need to know about handling Subject Access Requests (SARs) effectively. The UK GDPR gives individuals the right of access under Article 15. This allows people to ask what personal data your company holds about them and request a copy. SARs…

A professional woman in a classroom writing on a whiteboard during a lecture session.

Data Subject Rights | Right to Rectification | Subject Access Request (DSAR)

The Right to Rectification: Keeping Employee and Client Data Accurate

ByPrivacyiQ 27 June 202527 June 2025

Under GDPR Article 16, individuals have the right to correct inaccurate personal data. Learn how your company can stay compliant. Under Article 16 of the UK GDPR, individuals have the right to request the correction of inaccurate or incomplete personal data. Common requests include updates to: Companies must respond without undue delay, usually within one…

Automated Decision Making | Data Subject Rights

Understanding Automated Decision-Making and Profiling

ByPrivacyiQ 5 July 20252 July 2025

Under Article 22 of the UK GDPR, individuals have rights related to automated decision-making and profiling. Learn how companies should respond. Article 22 of the UK GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects. This affects: Where…

💡 Tip:

Similar Posts