Skip to main content

The Right of Access – Part 3 of the DPA 2018

Contents

Latest updates - 07 July 2026

07 July 2026 - This guidance was updated to reflect our style guide and the changes introduced by the Data (Use and Access) Act 2025.

10 February 2023 - This guidance was published.

About this guidance

This guidance discusses the right of access to personal information processed for a law enforcement purpose under part 3 of the Data Protection Act 2018 (DPA) in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply the right of access under part 3 in practice. It’s aimed at ‘competent authorities’ that process personal information for any of the law enforcement purposes. In particular, Data Protection Officers and those with specific data protection responsibilities in the context of law enforcement processing.

If you haven’t yet read the ‘in brief’ page on the part 3 right of access, we recommend that you read that first. It introduces this topic and sets out the key points you need to know, along with practical checklists to help you comply.

Read this guidance if you have specific questions about dealing with subject access requests (SARs) under part 3. 

Where your processing operations are for general purposes only, refer to the right of access guidance under the UK GDPR. We will signpost to this guidance when it may be useful. If you want to find out more about intelligence services SARs, see our guidance on intelligence services processing – the right of access.

To help you understand the law and good practice as clearly as possible, this guidance says what organisations must, should and could do to comply.