Skip to Main Content
Learn for less: Save 10% on high-quality foundation and auditor training. Find out more
DSAR as a Service

DSAR as a Service

SKU: 5301
Format: DSAR as a Service
Published: 13 Dec 2018
Availability: Available

Responding to DSARs (data subject access requests) can be fraught with complications, including timely response, identity verification, redactions and third-party permission. DSARs are heavily regulated under the GDPR (General Data Protection Regulation), and individuals are more aware they have rights when it comes to their data.

With DSAR as a Service our experts take the strain, liaising with individuals to ensure the DSAR is fulfilled correctly and reducing compliance concerns.

This service is provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Accommodating DSARs

The GDPR requires you to respond within one month to requests from individuals about their personal data. These requests, known as DSARs, must be processed without charge.

DSARs can be a substantial administrative burden, particularly as they must all be treated individually. There are multiple challenges to address within a short timeframe:

  • Recognising the receipt of a DSAR.
  • Verifying the identity of the requester. Where requests are made on behalf of others, such as through a solicitor, you need to ensure the third party making the request is authorised to act on behalf of the individual.
  • Assessing whether the request is valid, and what information is to be provided.
  • Reviewing collected information and redacting data relating to third parties where their consent is unavailable.

DSAR as a Service

We can support you throughout this complex process with DSAR as a Service. Our team of experienced data privacy lawyers and DPOs (data protection officers) will manage the process on your behalf to ensure requests are completed in accordance with, and in the timeframe prescribed by, the GDPR. This involves:

  • Reviewing and assessing the nature and validity of the DSAR;
  • Verifying the individual’s identity;
  • Locating the data – liaising with the appropriate person or department to acquire all the personal information relating to the individual;
  • Information screening – obtaining consent from third-party individuals where their personal information is contained within the search results and, where it is unobtainable, applying redactions and exemptions;
  • Formally disclosing the information to the individual;
  • Documenting the facts relating to the DSAR; and
  • Liaising with the relevant supervisory authority if needed.
Service options

Service options

DSAR as a Service is provided by GRCI Law Limited (GRCI Law, a subsidiary of GRC International Group plc), a specialist in data privacy, cyber and information security, and legal and compliance advisory services.

Small Standard Enterprise Bespoke
Approximately 5 to 10 DSARs annually Approximately 11 to 20 DSARs annually Approximately 21+ DSARs annually According to your needs
50 hours included 100 hours included 150 hours included Includes ability to service one-off DSARs
Why GRCI Law

Why choose GRCI Law?

DSAR as a Service is delivered by IT Governance’s sister company GRCI Law, and has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA (Data Protection Act) 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy, which means we only advise on issues related to data protection, privacy and cyber security.
  • GRCI Law’s team of qualified lawyers, DPOs, solicitors and barristers has decades of experience in privacy and information/cyber security compliance programmes, and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • Our team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

Download GRCI Law’s corporate brochure to find out more about their services.

Customer Reviews

This website uses cookies. View our cookie policy
SAVE 10%