Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Subject Access Request
I need a subject access request document to formally request access to all personal data held by a company about me, including details on how my data is being used and shared, and to ensure compliance with GDPR regulations. The request should include a clear deadline for response and instructions on how the company should deliver the information.
What is a Subject Access Request?
A Subject Access Request is your legal right to ask any organization to share all the personal information they have about you. Under Dutch privacy law and the GDPR, you can request details about what data is being stored, how it's being used, and who it's being shared with.
Companies in the Netherlands must respond within one month of receiving your request and provide the information free of charge. You can make these requests verbally or in writing, and organizations must verify your identity before sharing the data. This right helps you understand and control how businesses and government agencies handle your personal information.
When should you use a Subject Access Request?
File a Subject Access Request when you need to understand exactly what personal information an organization holds about you in the Netherlands. This is particularly useful if you're applying for jobs and want to see your employment records, dealing with credit issues and need to check financial data, or investigating how your data is being used for marketing.
It's also valuable when preparing legal cases, addressing privacy concerns, or correcting outdated information. For example, if you notice inconsistencies in your medical records or suspect a company is mishandling your data, a Subject Access Request helps you gather evidence and take control of your personal information.
What are the different types of Subject Access Request?
- Data Subject Access Request Form: Standard comprehensive form for requesting all personal data from any organization
- CCTV Access Request Form: Specialized form specifically for requesting surveillance footage from security cameras
- Data Protection Request Form: Broader form covering multiple data rights, including access, deletion, and correction
- Data Subject Request Form: Simplified version for basic data access needs with minimal complexity
- DSAR Form: Detailed template with specific sections for different types of personal data categories
Who should typically use a Subject Access Request?
- Data Subjects: Any individual in the Netherlands who wants to know what personal information organizations hold about them
- Data Protection Officers: Professionals responsible for handling and responding to Subject Access Requests within organizations
- Organizations and Businesses: Any entity that processes personal data must respond to these requests within legal timeframes
- Legal Representatives: Lawyers and advisors who help individuals file requests or assist organizations in responding properly
- Dutch Data Protection Authority: Oversees compliance and handles complaints when organizations fail to properly respond to requests
How do you write a Subject Access Request?
- Personal Details: Gather your full name, contact information, and any reference numbers related to your relationship with the organization
- Identity Verification: Prepare a copy of your passport, ID card, or driver's license to prove your identity
- Data Scope: Specify exactly what information you're seeking and the time period it covers
- Organization Details: Note the correct legal name and contact information of the organization holding your data
- Format Preference: Indicate how you'd like to receive the information (digital or paper copy)
- Documentation: Keep copies of all correspondence and note the date you submit your request
What should be included in a Subject Access Request?
- Personal Identification: Clear statement of your full name, address, and any relevant account numbers
- Request Scope: Specific description of the personal data you're requesting access to
- Time Period: Clear indication of the date range for which you're requesting information
- Response Format: Statement of how you want to receive the information (electronic or physical copy)
- Identity Verification: Reference to enclosed proof of identity documents
- Legal Rights Reference: Citation of GDPR Article 15 and Dutch AVG implementation
- Response Timeline: Mention of the one-month statutory response period
What's the difference between a Subject Access Request and an Access Agreement?
A Subject Access Request differs significantly from an Access Agreement in both purpose and legal framework. While both deal with access rights, they serve distinct functions under Dutch law.
- Legal Basis: Subject Access Requests are a fundamental right under GDPR and Dutch privacy law, while Access Agreements are contractual arrangements between parties
- Purpose: Subject Access Requests focus on obtaining personal data an organization holds about you, whereas Access Agreements establish terms for accessing facilities, systems, or resources
- Duration: Subject Access Requests are one-time inquiries with a mandatory 30-day response period, while Access Agreements typically establish ongoing permissions
- Enforceability: Subject Access Requests are backed by data protection authorities and can't be denied without legal justification, but Access Agreements depend on mutual contract terms
- Cost Structure: Subject Access Requests must be fulfilled free of charge (with few exceptions), while Access Agreements often involve fees or considerations
Download our whitepaper on the future of AI in Legal
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our Trust Centre for more details and real-time security updates.
Read our Privacy Policy.