Data protection

New and updated

• Type:

  How to

  How to review your organisation's compliance with the UK GDPR

  New rules on data protection complaints are introduced by the Data (Use and Access) Act 2025, from 19 June 2026. Organisations should ensure that their processes and documentation are compliant, including informing data subjects of their right to complain, facilitating complaints, and responding without undue delay. 

• Type:

  How to

  How to respond to subject access requests from employees under the UK GDPR

  New rules on data protection complaints are introduced by the Data (Use and Access) Act 2025, from 19 June 2026. When an employer responds to a data subject access request, it is required to inform the employee of their right to complain to the employer. Employers must have procedures in place for responding to complaints.

• Type:

  How to

  How to conduct an audit of HR personal data for the UK GDPR

  From 19 June 2026, the Data (Use and Access) Act 2025 requires employers to have a process in place for handling data protection complaints. The systems in place for this should be included in any HR personal data audit.

• Type:

  Letters and forms

  Letter refusing request for erasure of personal data or asking for administrative fee

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Letter asking for more information on request for erasure of personal data

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Letter refusing request for rectification of incorrect or incomplete personal data or asking for administrative fee

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Letter asking for more information on request for rectification of incorrect or incomplete personal data

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Letter refusing subject access request or asking for administrative fee

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Letter responding to subject access request providing requested information

  This template letter has been updated to reflect new requirements from 19 June 2026 for handling data protection complaints, including making clear that individuals can complain to the organisation as well as to the Information Commissioner’s Office.

• Type:

  Letters and forms

  Contractor privacy notice

  Use our updated template wording to review and amend your organisation’s contractor privacy notice to reflect new requirements from 19 June 2026 for handling data protection complaints.