Skip to content
Templates calendar_today Updated: 7 April 2026 schedule 2 min read

Template: Data Subject Request Register

Keep track of all GDPR requests you receive in a register. This template helps you document what you received, when, and how you responded.

summarize Key Takeaways
  • check_circle You are required to document all received requests
  • check_circle The supervisory authority can request your register at any time
  • check_circle Always record the type of request, the date, and the handling status
  • check_circle Keep the register separate from the personal data itself

Why a request register?

All organisations must inform data subjects about their GDPR rights and have the right processes in place to handle requests promptly. It is important to correctly document each received request:

  • The supervisory authority can request your register at any time
  • In case of a complaint, you can demonstrate that you responded correctly and on time
  • You keep oversight of which requests are still open

The template

We have created a ready-to-use Google Sheets template that you can copy and use directly:

Open the request register in Google Sheets

Make a copy via File > Make a copy and fill in a row for each received request.

What information to record

For each request, you should record at minimum:

  • Date of receipt - this determines your deadline (one month)
  • Type of request - access, deletion, correction, restriction, portability, objection
  • Name and contact details of the requester
  • Whether identity was verified - and how (ID copy, logged-in account, etc.)
  • Date of your response - to prove you responded within the deadline
  • Result - handled, refused (with reason), or referred
  • Any notes - specifics, e.g. “2-month extension requested”

Tips

  • Keep the register separate from the personal data itself
  • Set a reminder for requests that are still open
  • Use the response templates to respond quickly and correctly
auto_awesome Automate your GDPR file?

GDPRWise scans your website, generates your processing register and privacy policy, and gives you a tailored action list. Ready in 15 minutes.

GW
GDPRWise Editorial

This article was written by the GDPRWise team and reviewed by our privacy experts. We regularly review our content for accuracy and legal correctness.