Skip to Main Content
United Kingdom
Select regional store:
Get 25% off training for life with the IT Governance Rewards Club. Plus, get a free e-book with every training course booking this November!
DSAR as a Service

DSAR as a Service

SKU: 5301
Format: DSAR as a Service
Published: 13 Dec 2018
Availability: Available

Responding to DSARs (data subject access requests) can be fraught with complications, including timely response, identity verification, redactions and third-party permission. DSARs are heavily regulated under the GDPR (General Data Protection Regulation), and individuals are more aware they have rights when it comes to their data.

With DSAR as a Service our experts take the strain, liaising with individuals to ensure the DSAR is fulfilled correctly and reducing compliance concerns.

This service is provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Accommodating DSARs

The GDPR requires you to respond within one month to requests from individuals about their personal data. These requests, known as DSARs, must be processed without charge.

DSARs can be a substantial administrative burden, particularly as they must all be treated individually. There are multiple challenges to address within a short timeframe:

  • Recognising the receipt of a DSAR.
  • Verifying the identity of the requester. Where requests are made on behalf of others, such as through a solicitor, you need to ensure the third party making the request is authorised to act on behalf of the individual.
  • Assessing whether the request is valid, and what information is to be provided.
  • Reviewing collected information and redacting data relating to third parties where their consent is unavailable.

DSAR as a Service

We can support you throughout this complex process with DSAR as a Service. Our team of experienced data privacy lawyers and DPOs (data protection officers) will manage the process on your behalf to ensure requests are completed in accordance with, and in the timeframe prescribed by, the GDPR. This involves:

  • Reviewing and assessing the nature and validity of the DSAR;
  • Verifying the individual’s identity;
  • Locating the data – liaising with the appropriate person or department to acquire all the personal information relating to the individual;
  • Information screening – obtaining consent from third-party individuals where their personal information is contained within the search results and, where it is unobtainable, applying redactions and exemptions;
  • Formally disclosing the information to the individual;
  • Documenting the facts relating to the DSAR; and
  • Liaising with the relevant supervisory authority if needed.

Service options

DSAR as a Service is provided by GRCI Law Limited (GRCI Law, a subsidiary of GRC International Group plc), a specialist in data privacy, cyber and information security, and legal and compliance advisory services.

Small Standard Enterprise Bespoke
Approximately 5 to 10 DSARs annually Approximately 11 to 20 DSARs annually Approximately 21+ DSARs annually According to your needs
50 hours included 100 hours included 150 hours included Includes ability to service one-off DSARs

Customer Reviews

This website uses cookies. View our cookie policy
WIN £250