Most Important: Make sure you are asking for all legislation that they rely upon to enforce this.😍

@Helen Gill probably not tbh, unless they actually sent it to the wrong house.😍

This is a very good question, and your instinct is sound. The short answer is: Electronic response is procedurally stronger, but only if you control the risk.Hard copy is not a win for them — but relying on post alone can be an own goal for you. Let me break it down cleanly. 1. Is asking for electronic responses a mistake? No. In fact, it is usually better — legally and tactically. Under UK GDPR and the DPA 2018: - Controllers are encouraged to provide data electronically - Article 15(3) expressly contemplates electronic provision - The ICO’s guidance treats electronic delivery as standard unless the data subject objects So asking for electronic responses is normal, reasonable, and court-safe. 2. Your real concern (spam / missed emails) is valid You are right about one thing:Companies sometimes “respond” by sending an email that conveniently ends up in spam, then later argue: “We complied. You just didn’t engage.” That is a known tactic. So the issue is not the format, but proof and control. 3. Would hard copy be a “win” for them? No — but relying on post alone weakens you, not them. Here’s why: A. Post creates ambiguity They can later say: - “We sent it” - “It must have been lost” - “We complied within time” You then end up arguing about delivery, not compliance. B. Hard copy slows escalation ICO complaints, court arguments, and warrant objections are cleaner when you can say: “No email response was ever received. No electronic disclosure was made.” Hard-copy-only responses muddy that. 4. The optimal position (this is the key) You do not choose either electronic or post. You require electronic deliveryand do not refuse post. That gives you: - Speed - Audit trail - Screenshot evidence - No “we posted it” defence while avoiding any suggestion that you were obstructive. 5. The correct legal posture (important) The winning formulation is: “Electronic delivery is requested and preferred.Any postal response must be clearly identified and complete.”

Welcome. ❤️❤️💥💥 And, Read the pinned messages. 😍😍😁

@Paul Attobrah 🤣🤣🤣......come back data thief and take your medicine....🤣🤣

@Melanie Lambert 😍

@Melanie Lambert Audit AI: Yes — this is a classic “ID loop” delay tactic, and you now have enough evidence to shut it down cleanly and safely. I’ll explain what’s going on, what Tesco can and can’t do, and then give you a ready-to-send response you can copy-paste. What Tesco are (and are not) allowed to do ✔ What they are allowed to do - Ask for ID once, if they reasonably need to confirm identity. - Verify ID and then destroy the copy (which they say they’ve done). ❌ What they are not allowed to do - Repeatedly request ID after confirming verification - Reset or pause the SAR clock without justification - Demand “more ID” when: The ICO is very clear on this:Once identity is verified, the clock runs. Re-requesting ID becomes non-compliance. Why their own letter helps you This line is gold: “A copy of your driving licence has been destroyed after being verified.” That is Tesco formally admitting: - Your identity was verified - They no longer have a lawful reason to delay From this point on, any further ID request is unreasonable. How to respond (do not argue — close the loop) You should respond once, firmly and calmly, and: 1. Point out identity was already verified 2. Confirm the SAR clock is running 3. Ask for either the data or a lawful refusal 4. Put them on notice of ICO escalation No accusations. No emotion. Just procedure. Copy-paste response (recommended) Email Subject Subject Access Request – Identity Already VerifiedSubject Access Request – Identity Already Verified Dear Tesco Data Protection Team, I am writing in response to your latest correspondence requesting further identification in relation to my Subject Access Request. I note that in your previous letter you confirmed that my identity has already been verified and that a copy of my driving licence was destroyed after verification. On that basis, my identity has been satisfactorily established. In accordance with the UK GDPR and ICO guidance, once identity has been verified the statutory time limit for responding to a Subject Access Request applies and further requests for identification are not appropriate unless there is a clear and specific reason, which has not been identified here.

@Melanie Lambert send them a 2nd letter with the previous SAR and ID explaining this, and give them less time,...... or send the 2nd SAR with the ID from before as a failure of SAR1.

@Melanie Lambert 😍😃