When Will They Respond?

Deadline Calculator for SAR & FOI Requests
Calculator SAR Guide FOI Guide

Calculate Deadline

The date you sent the email or posted the letter.
Did the organisation inform you of a specific extension?
If the clock stopped while they waited for ID, enter days here.
GDPR ARTICLE 12

Subject Access Request

Your right to access personal data

Standard deadline 1 Calendar Month

Valid extension reasons

Complex: Large volumes, legacy systems, heavy redaction
Numerous: Multiple requests in a short time
"We are busy" or "Staff shortages" are not valid reasons.

Stopping the clock

If they need ID or clarification, the time limit pauses until you reply. Respond quickly to avoid delay.

ICO Guidance on SARs

Your Rights & How to Use Them

Knowledge is power. Here's what organisations won't always tell you about your rights.

SAR

Subject Access Requests

Common Misconceptions

  • Myth: You must use their webform or "official channel"
  • Truth: Any email, letter, or even social media message counts as a valid SAR
  • Myth: They can delay while you use their "preferred form"
  • Myth: Organisations can charge a fee for responding to your SAR
  • Truth: SARs are FREE. They can only charge if the request is "manifestly unfounded or excessive" - and they have to prove it
  • Myth: You're only entitled to documents, not information extracted from them
  • Truth: You're entitled to YOUR personal data, not documents. They can extract your data and present it in a table - don't let them hide behind "we'd have to create new documents"
  • Myth: If they ask for clarification, the clock keeps running
  • Truth: The time limit pauses where clarification is genuinely required to identify the data requested.
  • Truth: The clock starts when the organisation receives your request - for email that's usually immediate, for post it's when delivered

Pro Consumer Tips

  • Keep proof of sending: Email receipts, proof of postage, or screenshots
  • You DON'T need to quote "GDPR" or "Article 15" - just asking for your data is enough
  • No ID needed upfront - You don't need to provide ID unless the organisation reasonably requests it to verify your identity. Wait to be asked.
  • "We're busy" is NOT a valid extension reason - only complexity or numerous requests count
  • They can't dictate how you search - Organisations sometimes claim you must use their search terms or specify which systems to check. Actually, THEY must do a "reasonable and proportionate search" - you don't have to do their job for them
  • "Manifestly excessive" is hard to prove - If they refuse saying your request is excessive, challenge it. A request isn't excessive just because it's large - they must prove it's disproportionate
  • Watch for hidden data tricks - Some organisations try to give you redacted PDFs when they should provide searchable data. If they send spreadsheets, check for hidden columns - they've accidentally disclosed personal data before
  • Schools and councils play the "safeguarding" card too often - There's NO blanket exemption for safeguarding. They must actually apply specific exemptions, not just wave the word "safeguarding" around

Remember: If they try to redirect you to a webform, politely remind them that your original message already counts as your SAR and the clock is running.

FOI

Freedom of Information

Common Misconceptions

  • Myth: You need to use a specific form or mention "FOI"
  • Truth: Any written request (email/letter) with your name and address is valid - you don't even need to say "FOI"
  • Myth: They can refuse if you're not a UK citizen
  • Myth: They can charge you for the time spent searching for information
  • Truth: They can only charge for postage, photocopying, or other "disbursements" - NOT staff time or search costs
  • Myth: If they're late responding, there's nothing you can do
  • Truth: The ICO has issued enforcement notices to councils with poor response times. They CAN be held accountable
  • Myth: They can refuse if they think your request is "vexatious" just because you've complained before
  • Truth: "Vexatious" has a high legal threshold - it must cause unjustified distress or be obsessive. Legitimate scrutiny, even if critical, does not automatically make a request vexatious.
  • Truth: FOI rights apply to anyone in the world

Pro Consumer Tips

  • Check if it's already published first - many public authorities have disclosure logs
  • Be specific but not overly narrow - describe the information, not documents
  • No fee for most requests - but they can charge for postage/photocopies if you want paper copies
  • If they exceed cost limit (£450/18 hours) - ask them to help you refine your request
  • Don't let them call you "vexatious" to shut you up - Campaigners and journalists exposing council failures are NOT automatically vexatious. If they try this, point to ICO guidance: legitimate scrutiny is protected.
  • If they say "we'll publish it later" - hold them to it - This exemption only applies where there is a clear and genuine plan to publish. Ask for a specific date and challenge unreasonable delay.
  • Enforcement action – The ICO has taken formal action against public authorities for poor FOI compliance, including issuing enforcement notices to clear backlogs and improve response times.
  • You CAN ask for information in accessible formats - If you need Braille, large print, or audio format, public authorities have duties under the Equality Act to make reasonable adjustments where required.
  • They can't refuse just because they don't like your tone - While they recommend polite language, a request can't be refused solely because you're angry or frustrated - especially if you've been fighting for information for months

Remember: If they ask for clarification, the clock stops. Respond quickly to keep them on the hook!

What Happens After You Submit?

1

Acknowledgement

Most organisations acknowledge within a few working days (good practice, not a legal requirement)

2

Processing

They locate information, redact exempt parts, and apply exemptions if needed

3

Response

You get the information or a valid refusal notice explaining why

⏰ If they miss the deadline

Use our chaser email template above. If still ignored, request an internal review promptly (usually within 40 working days of the response)

⚖️ If you're unhappy with the response

First request internal review. The ICO expects complaints to be raised within 3 months of the final response

Any Refusal MUST Be Properly Justified

If an organisation tries to refuse your request, they can't just say "no" and ignore you. The law requires them to follow strict rules. Here's what a valid refusal MUST include:

SAR Refusals (UK GDPR Article 12)

If they refuse your SAR, they MUST provide:

  • ✓ The specific reasons for refusal
  • ✓ Which exemption they're relying on (e.g., legal professional privilege, crime and taxation)
  • ✓ Your right to complain to the organisation
  • ✓ Your right to complain to the ICO
  • ✓ Your right to seek enforcement through the courts

Watch out: If they refuse using vague terms like "excessive" without explanation, they're likely trying it on. The burden of proof is on THEM to demonstrate why.

FOI Refusals (Section 17 FOIA)

For FOI requests, a valid refusal notice MUST include :

  • ✓ The specific exemption(s) they're relying on (e.g., Section 21, Section 40)
  • ✓ Why the exemption applies - they must explain their reasoning
  • ✓ Public interest test results (for qualified exemptions)
  • ✓ Details of internal review procedures
  • ✓ Your right to appeal to the ICO

Note for vexatious claims: Even if they call you "vexatious" under Section 14, they should still issue a refusal notice within 20 working days explaining this.

What Happens If They Don't Issue a Proper Refusal?

The ICO has issued enforcement notices to public authorities that repeatedly fail to respond properly:

Police forces

Ordered to clear hundreds of overdue FOI requests after years of poor compliance, with warnings they could be held in contempt of court.

Local authorities

Given deadlines to clear backlogs after compliance dropped below 40% in some cases.

NHS trusts

Required to publish action plans after responding to as few as 2.5% of requests on time.

If they don't comply with ICO enforcement, they can be taken to court for contempt under section 54 of FOIA.

Simple Request Templates (Copy & Paste)

SAR 
Dear [Organisation],

Please provide the following personal data you hold about me under UK GDPR Article 15:

[Clearly describe the information you want]

Where any data is withheld, please state the legal basis. Where no data is held, please confirm this in writing.

Full name: [Your Name]
Email address: [Your Email]

If you require proof of identity, please let me know.

[Your Name]
FOI 
Dear [Public Authority],

Please provide the following information under the Freedom of Information Act 2000:

[Clearly describe the information you want]

Where any information is withheld, please state the specific exemption relied upon and whether the public interest test has been applied.

Name: [Your Name]
Email address: [Your Email]

[Your Name]

* No need to overcomplicate it - these simple requests are legally valid

The law is on YOUR side. Don't let organisations intimidate you with jargon or "official channels."

All information on this page is based on UK GDPR, the Freedom of Information Act 2000, and current ICO guidance. Every effort is made to keep this information accurate and up to date. Last reviewed: March 2026.

Disclaimer: This tool is for guidance only and does not constitute legal advice. Deadlines are estimates based on standard UK regulations (GDPR / FOI Act) and may be affected by individual circumstances, postal delays, or specific organisational policies. Always verify critical deadlines with official sources such as the Information Commissioner's Office (ICO) or seek independent legal advice. The developer accepts no liability for errors, omissions, or actions taken based on this calculator.

© Jack Whittle (JWD Media). All rights reserved.

Cookie Policy

Contains public sector information licensed under the Open Government Licence v3.0.