Subject: Subject Access Request

Dear Data Protection Officer,

I am making a Subject Access Request under Article 15 UK GDPR and section 45 of the Data Protection Act 2018.

Please provide all personal data about me, including any record in which I am named, identified, described, or otherwise discussed. This includes emails, attachments, internal notes, message threads, meeting notes, task or ticket systems, safeguarding records, call notes, referral forms, complaint files, and any data held by processors on your behalf.

Search locations and custodians
• Email accounts and shared inboxes for staff involved in [case or service name]
• Case or CRM systems used for [service]
• Messaging and collaboration tools used by your staff, for example Teams chat and channels
• Document stores and shared drives for the relevant team
• Any third party processors listed in your privacy notice or contracts

Please include for each item the date, author, recipients, system source, and any relevant metadata. Where third party data is present, please redact that material rather than refusing in full.

If you consider identity verification necessary, please tell me what you require and how to provide it securely. If you consider the request complex, any extension must comply with Article 12(3) and set out clear reasons.

Please confirm receipt and preserve all relevant records pending completion.

Regards,
[Full name]
[Contact details]
[Date]

Subject: SAR acknowledgement

Hello,

I sent a SAR on [date]. Please confirm receipt and the due date. If you believe identity verification is needed, tell me what you require. Please preserve records pending completion.

Thanks,
[Name]

Subject: SAR extension reasons requested

Hello,

You indicate an extension. Article 12(3) requires specific reasons linked to complexity or volume. Please particularise which elements create complexity, the systems or custodians involved, and the revised due date. If scoping would assist, propose a staged disclosure. I will consider reasonable sequencing, not reduction of scope.

Regards,
[Name]

Subject: SAR incomplete, request for schedule and further searches

Hello,

Your response appears incomplete. Please run further searches and provide a schedule of records withheld or not located. The schedule should list the document type, date, author or system, the basis for any redaction or withholding, and the search steps taken.

Missing categories include:
• Emails between [names or teams] dated [range]
• Attachments referenced in [message or note]
• Chat or Teams messages for [meeting or channel]
• Notes or forms referenced in [document ID or date]

If you believe these do not exist, please explain your search methodology and systems queried. If third party data is the issue, please provide redacted copies rather than refuse outright.

Regards,
[Name]

Subject: Deletion claim, request for retention evidence

Hello,

You state the records were deleted. Please provide:
• The retention schedule that applied at the time
• The lawful basis for deletion while a SAR or complaint was in play
• The deletion log or audit record showing who deleted what, when, and under whose authority
• Any backup retention policy that would allow recovery

Without these, I will treat the deletion claim as unproven.

Regards,
[Name]

Subject: Processor data in scope of SAR

Hello,

Your privacy notice lists the following processors relevant to my case: [names]. Please confirm that you have obtained and disclosed my data from those processors, or explain why not, including dates of any processor data requests you made.

Regards,
[Name]

Subject: Freedom of Information request

Dear FOI Officer,

Under section 1 FOIA 2000 I request, for [date range]:

1) All records showing grants, contracts, or payments to [Org], including dates, amounts, funding source, purpose, and relevant cost codes.
2) Correspondence between [Public body] and [Org] about funding, referrals, compliance, or oversight. This includes emails and attachments.

Format
Electronic copies are fine. Redact personal data rather than refuse in full.

Cost control and advice and assistance
To comply with section 16, please advise if scope can be met by staged disclosure. For example:
A. Funding ledger or grant register entries and award letters first
B. The contract and schedules
C. A targeted email search limited to custodians [names or teams], with keywords [list] and date range [range]

If section 12 cost is likely, please provide an itemised estimate showing tasks, time per task, staff grade used, rate applied, and how narrowing along A, B, or C would bring the request under the limit.

Vexatious
If you consider section 14, please particularise the grounds with specific evidence tied to this request.

Regards,
[Name]
[Contact]
[Date]

Subject: Section 12 estimate and narrowing options

Hello,

You cite section 12. Please provide the itemised estimate: tasks, staff grade, minutes per task, and the sampling you used. Please also confirm which of the following would meet the request under the limit:
• Provide the award letter and contract only
• Search only custodians [names] with keywords [list] for [date range]
• Provide funding ledger entries and the internal approval paper

Section 16 requires advice and assistance. Once you confirm the workable option, I will restate scope.

Regards,
[Name]

Subject: Section 14 refusal, request to particularise

Hello,

You rely on section 14. Please particularise the grounds with evidence linked to this request, not general history. Address purpose, proportionality, and burden, and explain why less intrusive narrowing would not resolve your concern. Absent clear particulars, I will seek an internal review.

Regards,
[Name]

Subject: Exemptions relied upon, reasons and public interest

Hello,

For each exemption relied upon, please provide:
• The specific subsection, for example section 43(2) commercial interests
• The prejudice or harm you assess, with a causal link to disclosure
• The public interest test outcome and factors considered, where qualified exemptions apply
• Redacted copies where partial disclosure is possible

For section 40 personal data, please provide third party redactions rather than refusal in full.

Regards,
[Name]

Subject: FOI internal review request

Dear FOI Officer,

I request an internal review of my FOI dated [date].

Grounds
• Deadline missed, or
• Section 12 cited without itemised estimate and section 16 advice, or
• Section 14 cited without clear particulars, or
• Exemptions applied without harm analysis or public interest test, or
• Inadequate searches of relevant custodians or systems

Please confirm who will conduct the review and the expected completion date.

Regards,
[Name]

• Please particularise which element of my request is unclear and what information you require me to clarify.
• If personal data is the issue, redact third party identifiers and disclose the rest.
• Please provide a schedule of withheld records with type, date, source system, and exemption applied.
• If section 12 cost is a concern, propose a staged approach and I will prioritise.
• If this is environmental information, please process under the EIR and apply the public interest test.
• Please confirm the preservation of all potentially relevant records pending completion.