Question to the Home Office:

To ask the Secretary of State for the Home Department, what discussions her Department has had with the Metropolitan Police Service on the level of its compliance with its statutory obligations (a) under the Data Protection Act 2018 and (b) with GDPR in relation to Subject Access Requests from members of the public.

Compliance with data protection obligations, including the handling of Subject Access Requests (SARs), is the responsibility of individual police forces. The Information Commissioner’s Office (ICO) produces guidance for organisations on how to comply with data protection law.

The Data (Use and Access) Act received Royal Assent in June 2025 and includes some changes to data protection obligations while maintaining high standards of protection for personal data.