DSARs are becoming increasingly common, and failure to respond in accordance with the GDPR’s (General Data Protection Regulation) requirements can lead to significant fines and sanctions.
Access requests can be submitted in any format, so it is important that you have a suitable process in place to handle DSARs easily and efficiently.
The following flowchart outlines the key steps for responding to a DSAR, as well as the things to consider at each step.
The extra stages to the right act as a reminder that you have one month (from the date that it is received) to respond to the DSAR, and that you should keep records to demonstrate that you have done so.
Need further help with DSARs?
Download our free guide A Concise Guide to Data Subject Access Requests (DSARs) to discover more about:
- The key changes for organisations responding to DSARs under the GDPR;
- Who is responsible for handling DSARs;
- What data needs to be provided and exceptions to consider; and
- A process for responding to DSARs that you can adapt to meet your needs and comply with the law.