Subject Access Request (SAR) policy template

£ 20

Our Subject Access Request (SAR) Policy Template outlines procedures for handling data requests, ensuring compliance with data protection regulations and safeguarding individuals' privacy rights.

Reading time
How long to understand and prepare this policy?
5 mins
Get a value bundle that includes our Subject Access Request (SAR) policy template

Complete package
624 templates, our full range
£ 125
Handbook library
114 templates, supporting multiple handbook needs
£ 50
Security and information policies
8 policies
£ 35
subject access request (sar) policy template

What is a Subject Access Request (SAR) policy?

The purpose of this Subject Access Request (SAR) policy template is to provide you with a flexible and customisable document to serve as a robust and effective starting point for you.

By using our Subject Access Request (SAR) policy template, you can streamline your process, maintain consistency and accuracy, and save time, and it can be easily adapted to fit your specific scenario.

Best practice timescale for this to be issued
When should this policy be issued?
During onboarding / after changes / planned refresher
Issued by who, to whom
Who should issue this policy, and to whom?
Internally issued to appropriate recipients in your Company
Applicable legal jurisdictions
In which jurisdictions can this policy be used?
Great Britain & NI (United Kingdom), Worldwide

Subject Access Request (SAR)


This Subject Access Request (SAR) Policy outlines the procedures and guidelines for handling SARs received by [Company Name]. The policy is designed to ensure compliance with data protection laws, including the General Data Protection Regulation (GDPR), and to safeguard the rights of individuals regarding their personal data.


This policy applies to all employees, contractors, and agents of [Company Name] who may handle SARs on behalf of the organisation. It covers the process for receiving, assessing, and responding to SARs in a timely and efficient manner.

General Principles


  • Subject Access Request (SAR): A request made by an individual to obtain access to the personal data held about them by [Company Name].

  • Data Controller: The organisation that determines the purposes and means of processing personal data.

  • Data Processor: An entity that processes personal data on behalf of the data controller.


  • Data Protection Officer (DPO): The DPO is responsible for overseeing compliance with data protection laws, including the handling of SARs, and ensuring that appropriate procedures are in place.

  • HR Manager/Officer: The HR Manager/Officer is responsible for receiving, assessing, and responding to SARs received by the organisation.

  • Employees: All employees are responsible for promptly forwarding any SARs they receive to the HR Manager/Officer and cooperating with the SAR process as required.

SAR Procedure

  • Receipt of SAR: SARs may be submitted in writing or verbally. Employees who receive a SAR must promptly forward it to the HR Manager/Officer.

  • Verification of Identity: The HR Manager/Officer must verify the identity of the individual making the SAR to ensure that personal data is disclosed to the correct person.

  • Assessment and Response: The HR Manager/Officer will assess each SAR to determine whether it is valid and whether any exemptions or limitations apply. A response will be provided to the individual within one month of receipt, unless an extension is necessary.

  • Record-Keeping: Records of SARs received and actions taken in response must be maintained in accordance with data protection laws.

Training and Awareness

All employees involved in handling SARs will receive training on their responsibilities under this policy and data protection laws. Regular updates and refresher training will be provided as necessary to ensure ongoing compliance.

Review and Monitoring

This policy will be reviewed and updated regularly to reflect changes in data protection laws and organisational practices. Compliance with the policy will be monitored through regular audits and assessments.


This SAR Policy demonstrates [Company Name]'s commitment to protecting the privacy rights of individuals and ensuring compliance with data protection laws. By following the procedures outlined in this policy, we aim to handle SARs effectively and transparently while respecting individuals' rights regarding their personal data.

To view this you will need to make a purchase.

To view this you will need to make a purchase.

This policy [does not] form[s] part of your terms and conditions of employment.

Version: [1.0]

Issue date: [date]

Author: [name, job title]

Why buy our Subject Access Request (SAR) policy template?

  • It's easily editable and implementable, saving you time and money
  • It's designed by CIPD accedited Chartered HR practitioners with operational experience in this area
  • You will maintain compliance with ACAS guidelines, legislation, and industry best practices
What other advantages does buying from offer?
  • Email notifications for any updates made to this template or its accompanying materials
  • 12 months of unrestricted access without any additional costs (any update in that period is free to you)
  • A 25% discount on all library, toolkit, and template purchases/renewals

I have just renewed our membership for another year for HRdocbox. It's an extremely useful resource with a wide variety of documents and knowledge...
- Rachel Masing, ETM Group

I have been using the service now for around 6 months and it has been really useful in developing and updating polices and processes.
- Jamie Allan, Armstrong Craven

Excellent library of resources and templates which have made my job in my small business so much easier to manage HR for my employees...
- Emma Hunt

Great value and the site contains an extensive library of essential HR documents. I access the site probably once a week...
- Laura Alliss-Etty

HRDocBox is a great resource. It is incredibly good value, providing a large selection of HR guidance materials as well as...
- Emma Beauchamp

Navigating Holiday Requests - Balancing Employee Needs and Operational Demands
Fri, 19 Apr 24

Navigating Holiday Requests - Balancing Employee Needs and Operational Demands

Managing holiday requests in the workplace can be a complex task, requiring employers to balance the needs of their employees with the operational requirements of the business...