Skip Ribbon Commands
Skip to main content
Data Protection Office
Data Protection Office>To request access to personal data

To request access to personal data

Request for access to personal data



How to submit your request

You may download (word version) (pdf version) our request form for access to data, fill and email it to the data controller.



Notes
1.

This form must be filled in by the data subject or the relevant person, as the case may be, as described under section 2 of the Data Protection Act, to request any information relating to his personal data kept by the data controller.

2.

After filling this form, it must be sent, with the appropriate prescribed fee (Rs 75.) to the data controller for compliance with the request.

3.

Data is information which is capable of being processed manually or by automated means.

4.

A “relevant person”, in relation to a data subject, is a person –

(a) who has parental authority or has been appointed a guardian by the court where the data subject is a minor;
(b) who has been appointed a guardian by the court where the data subject is physically or mentally unfit;
(c)

in any other case, who is duly authorised by the data subject in writing to make the request.

5.

A “data controller” is a person or a group of persons, who decides on the purposes for which personal data are kept and processed.

6.

A “data subject” is a living individual who is the subject of personal data.

7.

Subject to paragraph 8 below, a data controller may refuse a request for access to personal data if he is not supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request and to locate the information which the person seeks, or compliance with the request will be in contravention with his confidentiality obligation under any other enactment.

8. If the data controller is unable to comply with a request within 28 days after the receipt of the request, he must, before the expiry of that period, inform the data subject or the relevant person (as the case may be), that he is unable to comply with the request. The data controller must, if required, state the reasons of his inability to comply with the request.

The data controller must, as soon as is reasonably practicable, after expiry of the 28 days, comply with the request.