Data Subject Access Request (DSAR)

In today’s world organizations generate significant amounts of material which is likely to contain personal data and which will need to be collated, reviewed and processed for the purpose of responding to a DSAR.

DSARs can be notoriously time-consuming to manage and, under the GDPR, the time frame organizations have to respond has been reduced to one month.

One month deadline?

  • Clock is ticking: Has your organization ever received a data subject request? Were you struggling with data subject access request and provide the required information within the one month deadline?
  • Data mapping: Would you know how to search for the data and where the data sits?
  • Human Resources: Did you need to pull resources from their core work to respond to a DSAR or decide to hire external resources to help with the workload?
  • Process and audit: Do you have a set of processes in place to handle these requests and defend the output?

  Learn more about how to simplify, automate and reduce your response time for DSARs.


Responding to a DSAR within the short deadline of one month can be challenging. It will require an understanding of the request, running searches, identifying relevant documents and redacting sensitive data, which may not be possible to do efficiently with common IT platforms.

Our data management team can assist your organization with the data protection expertise, assistance in scoping, data mapping, recommended approaches and the use of market leading technology to tackle the challenges presented by a DSAR: reducing the amount of data to review and provide you with a defensible approach.

Here’s our three-step process for responding to a DSAR:

DSAR Process