Subject Access Request Generator for United Arab Emirates

A Subject Access Request is your legal right to ask any organization in the UAE what personal data they hold about you. Under UAE Federal Decree Law No. 45 of 2021, you can request details about how your information is being used, who has access to it, and where it came from.

Organizations must respond within 30 days of receiving your request, providing copies of your personal data in a clear format. They can only refuse in specific situations, like when sharing the information would reveal someone else's personal details or compromise national security. This right helps ensure transparency and data protection across Emirates businesses, government agencies, and other entities.

Submit a Subject Access Request when you need to understand exactly what personal information UAE organizations hold about you. Common triggers include discovering unauthorized data use, preparing for legal action, or verifying that your information has been properly updated or deleted.

These requests prove especially valuable when applying for jobs, dealing with financial institutions, or addressing concerns about data accuracy. For example, you might file one to check what health records a hospital maintains, to review your credit history with banks, or to verify how government entities are processing your residency information. This helps protect your privacy rights under UAE data protection laws.

• General Data Request: The standard form asking organizations to disclose all personal data they hold about you, including basic details like contact information and account records
• Specific Records Request: A targeted request focusing on particular data categories, such as employment records, medical files, or financial information
• Third-Party Access Request: Used when requesting information about data shared with other organizations under UAE data protection laws
• Urgent Access Request: For time-sensitive situations requiring expedited processing, often used in legal proceedings or emergency situations
• Data Processing Details Request: Asks for information about how your personal data is being used, stored, and protected by the organization

• Individual Data Subjects: UAE residents and citizens who submit requests to access their personal information held by organizations
• Data Protection Officers: Professionals responsible for handling and responding to Subject Access Requests within organizations
• Legal Departments: Review requests and ensure compliance with UAE Federal Decree Law No. 45 of 2021
• Government Entities: Process requests related to public services and maintain compliance with data protection regulations
• Private Organizations: Companies operating in the UAE must respond to requests about personal data they collect and process

• Personal Details: Gather your full name, Emirates ID, contact information, and any relevant account or reference numbers
• Organization Information: Identify the correct entity and their data protection officer's contact details
• Data Scope: Specify exactly what personal information you're seeking and the relevant time period
• Supporting Documents: Prepare proof of identity and any documentation supporting your request
• Format Preference: State how you want to receive the information (digital or physical copies)
• Timeline Needs: Mention any urgency or specific deadlines, noting the standard 30-day response period

• Requestor Identification: Full legal name, Emirates ID number, and current contact details
• Organization Details: Complete name and address of the entity holding your data
• Request Scope: Clear description of the specific personal data you're requesting access to
• Time Period: Specific date range for the information requested
• Legal Basis: Reference to UAE Federal Decree Law No. 45 of 2021 and your right to access
• Response Instructions: Preferred format for receiving information and secure delivery method
• Authentication Section: Space for signature, date, and identity verification documents

A Subject Access Request differs significantly from an Equal Employment Opportunity Request in both purpose and scope, though both involve personal data rights in UAE organizations.

• Purpose and Scope: Subject Access Requests focus on obtaining copies of all personal data an organization holds about you, while Equal Employment Opportunity Requests specifically address workplace discrimination or fair treatment concerns
• Legal Framework: Subject Access Requests operate under UAE's data protection laws (Federal Decree Law No. 45), whereas Equal Employment Opportunity Requests fall under employment and anti-discrimination regulations
• Response Requirements: Organizations must respond to Subject Access Requests within 30 days with comprehensive data disclosure, while EEO requests often involve internal investigations and remedial actions
• Data Coverage: Subject Access Requests can target any personal information across all organizational activities, but EEO requests typically focus on employment-related records and decisions