Data Subject Access Request (DSAR)

What is a DSAR?

Under the GDPR any individual whose personal data is obtained, stored or processed by an organization can make a request to that organization to obtain a copy of their information. This is known as a DSAR, and the right to access is one of the most powerful rights afforded to individuals under the GDPR.
Awareness amongst individuals of their right to access their own information is increasing, therefore organizations need to have robust procedures in place to be able to respond to DSARs.

 

Unsure of how to respond to a DSAR ? 

Here’s our five-step DSAR lifecycle for responding to DSARs:


DSAR lifecycle

 
DSAR received A Data Subject Access Request is received notify; the designated person within your organization; you have one month to respond.
DSAR engage Acknowledge receipt and verify the identity of the Data Subject 
DSARS Verify focus and Scope

Determine the scope of the request and identify the applicable data sources

What are they asking for ? Where is that Data?

DSARS Collection Collate and cull records from multiple sources with technology based solutions and automated processes

DSARS Review, Redaction and Handover

Review and redact data with technology to achieve a faster, more efficient auditable process