Image Promo description

Register to use our site and access free newsletters, book events and lots more.

You don't have to be a member to use our site. Already registered? Login here

Become a member today

The Chartered Institute of Housing is the independent voice for housing and the home of professional standards

The truth about subject access


Charlotte Lewendon, information management, governance and risk manager at The Guinness Partnership, gives us some practical tips for processing subject access requests.

Speech bubblesProcessing subject access requests can be a daunting task for housing staff but there are some simple practical steps which can help meet compliance with the Data Protection Act 1998 (DPA) and make sure the person making the request gets a good level of customer service. Here are my top tips.

  • Make sure that all staff within the organisation know what a subject access looks like, whether it could be dealt with as a routine enquiry and if not who to send it to in the organisation. The sooner it reaches the right person the sooner the request can be processed. A routine enquiry could be “Can I have a copy of my tenancy agreement or my rent statement?”
  • Check that you have proof of identity if you need it, the £10 fee (if you charge) and signed authority where someone is acting on the behalf of a third party such as a solicitor.
  • Keep a log of all subject access requests recording receipt, owner and date of response.
  • Do you have enough detail to locate the information?  You should not second guess or assume you know what they are seeking.  Engage with the person who has made the request as it could save you time and effort in locating the information they want.
  • Keep a record of the searches you have made to locate the information that is being asked for.  This will help should a complaint be made to the Information Commissioner’s Office (ICO).
  • Keep the person who has made the request updated on the progress of the request.  Send an acknowledgment setting out when they can expect a response and the name of the person dealing with their request.
  • Remove third party data where it is not already known to the customer or it is not reasonable to provide it.  For example a member of staff’s name that has been dealing with their tenancy.
  • In the covering response give as much contextual detail to help the requester understand the information being provided.  This is in addition to the requirement to explain any codes or acronyms in the information.
  • Keep a copy of what you have sent out and what information you have withheld or redacted in case of future queries or a complaint to the ICO.

Finally, there is a lot of good practical advice in the ICO’s Code of Practice on Subject Access.

Please log in to comment

Your comments

No comments made yet

Join today

We’re here to help you make a difference. Join CIH today and discover your potential


Fire safety

All the latest info and fire safety resources for housing professionals


The new housing apprenticeships

With a century of experience equipping housing professionals with the skills they need to do the brilliant work they do, we can help you make the most of the new housing apprenticeships – whatever stage of the journey you are at.