Why Every Irish Consumer Should Send a Subject Access Request
Under the General Data Protection Regulation (GDPR), every person in Ireland has the right to request a copy of all personal data that any organisation holds about them. This is called a Subject Access Request (SAR), and it is, without exaggeration, the single most powerful weapon in a consumer’s arsenal when dealing with banks, insurers, and other financial service providers. Yet the vast majority of Irish consumers have never sent one.
A SAR forces the company to hand over everything: account records, transaction histories, internal notes, emails between staff members discussing your case, call recordings, complaint files, and any data they have shared with third parties such as the Central Credit Register or debt collection agencies. The company has 30 calendar days to respond, and the request is free of charge. If they fail to comply, you can report them to the Data Protection Commission, which has the power to impose significant fines.
The strategic value of a SAR in a consumer complaint cannot be overstated. Internal notes often reveal that staff knew about an error but failed to act, that a complaint was deprioritised, or that a decision was made without following proper procedures. This kind of evidence transforms a “your word against theirs” situation into a documented case. In several FSPO decisions, SAR evidence has been the decisive factor in awarding compensation to the consumer.
Sending a SAR is straightforward: you simply email the company’s Data Protection Officer (or their general complaints address) stating that you are making a request under Article 15 of the GDPR. You do not need to use any special form, despite what some companies may claim. Include your full name, date of birth, and account number to help them locate your records. We provide a ready-to-use template in our guides section that you can send in under two minutes.
Ready to find out what they hold on you? Use our SAR template.
Send a Subject Access Request