Ƶ

Subject Access Request Template for Nigeria

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your document

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Subject Access Request

I need a subject access request document to formally request access to all personal data held by a company about me, including details on how my data is being processed, shared, and stored, with a response deadline of 30 days as per data protection regulations.

What is a Subject Access Request?

A Subject Access Request is your legal right to ask any organization in Nigeria to show you all the personal information they have about you. Under Nigeria's Data Protection Regulation (NDPR), you can request copies of your data, learn how it's being used, and know who has access to it.

Organizations must respond to these requests within 30 days and provide the information in a clear format. You can make this request verbally or in writing to any company, government agency, or organization that handles your personal data - from banks and hospitals to employers and schools.

When should you use a Subject Access Request?

Submit a Subject Access Request when you need to understand exactly what personal information Nigerian organizations hold about you. This is especially useful if you spot errors in your records, suspect unauthorized data sharing, or need documentation for legal proceedings. It's also valuable when applying for jobs, loans, or insurance and want to verify what information potential partners can access.

Many Nigerians use these requests when dealing with banks, telecoms, or healthcare providers, particularly after experiencing service issues or identity concerns. The NDPR guarantees your right to see this data, making it a powerful tool for protecting your privacy and ensuring organizations handle your information correctly.

What are the different types of Subject Access Request?

  • General Written Request: The standard format submitted by letter or email, detailing your identity and the specific personal data you want to access.
  • Digital Platform Request: Submitted through an organization's website or portal, often using their prescribed online forms.
  • Emergency Access Request: Used when immediate access to personal data is needed for urgent medical or legal situations.
  • Third-Party Request: Made by authorized representatives like lawyers or guardians, requiring additional proof of authority.
  • Sector-Specific Request: Tailored formats for banking, healthcare, or telecommunications, addressing industry-specific data protection requirements under NDPR.

Who should typically use a Subject Access Request?

  • Data Subjects: Any Nigerian citizen or resident who wants to know what personal information organizations hold about them.
  • Data Controllers: Companies, government agencies, and organizations that collect and process personal data, responsible for responding to requests.
  • Data Protection Officers: Professionals who handle Subject Access Requests and ensure compliance with NDPR requirements.
  • Legal Representatives: Lawyers who help individuals file requests or challenge responses.
  • NITDA Officials: Regulators who enforce data protection rights and handle complaints about unmet requests.

How do you write a Subject Access Request?

  • Personal Details: Gather your full name, address, contact information, and any account or reference numbers linked to the organization.
  • Identity Proof: Prepare a valid Nigerian ID, such as your National ID card, passport, or driver's license.
  • Data Scope: List specific information you're seeking and relevant time periods.
  • Organization Details: Note the correct legal name and contact information of the data controller.
  • Format Choice: Specify how you want to receive the information (email, paper copy, or digital file).
  • Documentation: Keep copies of all correspondence and proof of delivery.

What should be included in a Subject Access Request?

  • Personal Identification: Full name, address, and valid ID details that establish your identity under NDPR guidelines.
  • Request Scope: Clear description of the specific personal data you're requesting access to.
  • Time Period: The relevant date range for the information you're seeking.
  • Legal Authority: Reference to NDPR Article 3.1(7) establishing your right to access.
  • Response Format: Your preferred method of receiving the information.
  • Third-Party Authorization: If applicable, documentation proving your right to request on someone's behalf.
  • Declaration: Statement confirming the request's legitimacy and accuracy of provided information.

What's the difference between a Subject Access Request and an Access Control Policy?

A Subject Access Request differs significantly from an Access Control Policy. While both deal with data access, they serve distinct purposes under Nigerian data protection law.

  • Purpose and Direction: Subject Access Requests flow from individual to organization, demanding specific personal data. Access Control Policies flow from organization to users, setting rules for data handling.
  • Legal Framework: Subject Access Requests are individual rights under NDPR, requiring organizations to respond within 30 days. Access Control Policies are internal governance documents that organizations create voluntarily.
  • Scope: Subject Access Requests focus solely on personal data about the requester. Access Control Policies cover all organizational data, systems, and access permissions.
  • Enforcement: Subject Access Requests are legally enforceable through NITDA. Access Control Policies are enforced through internal disciplinary measures.

Get our Nigeria-compliant Subject Access Request:

Access for Free Now
*No sign-up required
4.6 / 5
4.8 / 5

Find the exact document you need

No items found.

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

ұԾ’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ұԾ’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.