Skip to content

Your data rights

Keeping Good Records of Your Data Requests

A calm, practical guide to logging the data requests you send — what to write down, why it matters, and how a simple record helps you follow up, escalate, or simply stay on top of things under UK GDPR.

In short

Keep good records of your data requests by saving a dated copy of each one, noting which organisation you contacted and what you asked for, and tracking the reply deadline. A simple log — date sent, organisation, request type, due date, and outcome — lets you follow up, chase a late response, or escalate to {authority} with the evidence already to hand.

Why a simple record is worth keeping

When you exercise a data right — asking an organisation for a copy of your personal data, asking it to correct something, or asking it to delete data — you are starting a small process with a timeline attached. Under the UK GDPR, an organisation usually has one month to respond to a request like a data subject access request. A short record of what you sent, and when, is what lets you tell whether that clock has run out.

Records matter most when something does not go to plan. If a reply is late, incomplete, or never arrives, a dated copy of your original request is the single most useful thing you can have. It removes any doubt about what you asked for and when, and it makes a polite follow-up — or a complaint to the regulator — straightforward rather than stressful.

None of this needs to be elaborate. A note in a document, a folder of saved emails, or a few rows in a spreadsheet is enough. The goal is simply that, weeks or months later, you can answer three questions without hunting: who did I ask, what did I ask for, and what happened next.

What to record for each request

A good record captures just enough to act on, and no more. Work through these as a short checklist each time you send a request, and you will have everything you need if you ever have to chase or escalate.

  • The date you sent the request, since the response deadline is counted from when the organisation receives it.
  • The organisation you contacted, and the email address or postal address you used — this is who the request actually went to.
  • What kind of request it was: a copy of your data (access), a correction (rectification), a deletion (erasure), or an objection.
  • A saved copy of the exact wording you sent, ideally as the original email or a PDF, so there is no ambiguity later.
  • The date a reply is due — usually one month from when the request was received — so you know when to follow up.
  • Any reference number the organisation gives you, and the date and outcome of their reply when it arrives.

Turning records into action

A record is only useful if it prompts the right next step at the right time. The most common moment is a missed deadline: if the response date you noted has passed with no reply, your saved request is the evidence you need to send a calm follow-up referencing the original date and what you asked for.

If a follow-up still brings no satisfactory answer, the same record supports a complaint to the Information Commissioner's Office (ICO), the UK's data protection regulator. Having the dates, the wording, and any reference number already to hand turns what could be a frustrating exercise into a few minutes of copying from your own notes. Keeping replies alongside requests also helps you see the full picture across several organisations at once.

Over time, a tidy log becomes a quiet map of your own digital footprint — which organisations hold your data, what you have asked them, and where things stand. This article is general information, not legal advice; for guidance on your specific situation, consider speaking to a qualified professional or contacting the relevant regulator directly.

Frequently asked questions

What is the most important thing to keep for each request?

A dated copy of the exact request you sent — ideally the original email or a saved PDF. It removes any doubt about what you asked for and when, which is what you need to send a follow-up or, if necessary, to raise a complaint with the regulator later.

How long should I keep these records?

There is no fixed rule, but it is sensible to keep a record at least until the request is fully resolved, and for a while after in case a question comes up. Since these are notes for your own use, you decide how long they stay useful to you.

Do I need special software to keep records?

No. A note in a document, a dedicated email folder, or a few rows in a spreadsheet is plenty. The aim is simply to be able to answer who you asked, what you asked for, when, and what happened — without having to search for it.

How do my records help if a reply is late?

Under the UK GDPR an organisation usually has one month to respond. If the due date you noted has passed, your saved request lets you send a calm follow-up referencing the original date and wording, and supports a complaint to the Information Commissioner's Office (ICO) if needed.

Related terms

This is general information, not legal advice. For guidance on your own situation, consider speaking with a qualified professional.

Reviewed by OSINTA's founding lawyer — 2026-06-27.

Want to keep your data requests in one calm place?

OSINTA helps you understand your own digital footprint and exercise your own data rights — calmly, and on your terms. You stay in control of every step.

See the DSAR guideJoin the waitlist