Privacy Regulations have changed
GDPR went live on 25th May 2018
In May 2018, the UK’s Data Protection Act was superseded by the GDPR. The GDPR is designed to give citizens more control of the information organisations hold on them and how that information is used.
There are now tougher penalties for organisations that don’t keep accurate records or who don’t have a valid reason for holding the information.
The UK’s Information Commissioner’s Office (ICO) could previously fine up to £500,000 for malpractice, but under the GDPR they can now fine up to €20 million or 4% of annual turnover (whichever is higher). Individuals can also sue a business for compensation to recover both material damage and non-material damage, like distress.

What is a SAR?
SAR = Subject Access Request
A SAR is a request that individuals can make to organisations to be provided with a copy of any information held on them.
When the GDPR went live in May 2018, a key change was that SARs will have to be completed within a month and organisations will no longer be able to charge for them. Previously, individuals could ask for the information but an organisation could take up to 40 days to supply it and they could charge a £10 fee.
Public reaction
How will the public react to these changes?
We’re often asked by businesses to predict how many SARs people will make now that the General Data Protection Regulation (GDPR) has come into force. There is currently limited data on this and so we decided to ask the public, just over 1000 people, what they knew about the privacy changes and if they intended to raise a SAR to find out about what information companies held on them.
We found that 57% of people said they would want to request their data. We also found that they were most likely to ask the finance and banking sector, mobile network providers and social media platforms; some will also ask their current or past employers.
The Environmental Impact
of Brits will submit a SAR
trees used for printing
football pitches worth of trees

Why print?
Companies need to go digital
Completed SARs can use a staggering amount of paper. When an Exonar employee submitted a SAR to their bank – with whom they have been a customer for over 10 years – they received around 800 pieces of paper delivered in two large boxes by a courier.
Companies can provide the data they hold on you in digital form and 92% of consumers told us that is how they would prefer to receive their information. However many organisations aren’t geared up to support this and the financial impact to these businesses, combined with the cost to the environment to produce the paper and ship it securely is staggering.
Plant a tree for every SAR
Make a donation to the Woodland Trust
In order to offset the environmental impact of producing paper-based subject access requests (SARs) and to encourage organisations to consider moving towards a digital process, Exonar is asking that for every SAR that is produced in paper, organisations either plant a tree or make a donation to the Woodland Trust.

Get the Report
Read the full results of our consumer survey
Find out which sectors are most likely to receive SARs and which parts of the UK will see more requests than others.
Fill in the form to get access to all the insights.
We are committed to respecting your privacy and protecting your personal information. We try hard to make our communications with you interesting and relevant and always with a view to providing insight into our industry challenges and their solutions. Maybe opt for giving us a try and tick the box – you can opt out at any time. We promise not to spam you!