Skip to Main Content
Select regional store:
Learn for less: Save 10% on high-quality foundation and auditor training. Find out more
DSAR as a Service | IT Governance USA

DSAR as a Service

SKU: 5301
Format: Consultancy

Responding to DSARs (data subject access requests) can be fraught with complications, including timely response, identity verification, redactions, and third-party permission. DSARs are heavily regulated under the EU’s GDPR (General Data Protection Regulation), and individuals are more aware they have rights when it comes to their data.

With DSAR as a Service our experts take the strain, liaising with individuals to ensure the DSAR is fulfilled correctly and reducing compliance concerns.





Accommodating DSARs

The GDPR requires you to respond within one month to requests from individuals about their personal data. These requests, known as DSARs, must be processed without charge.

DSARs can be a substantial administrative burden, particularly as they must all be treated individually. There are multiple challenges to address within a short time frame:

  • Recognizing the receipt of a DSAR.
  • Verifying the identity of the requester. Where requests are made on behalf of others, such as through a lawyer, you need to ensure the third party making the request is authorized to act on behalf of the individual.
  • Assessing whether the request is valid, and what information is to be provided.
  • Reviewing collected information and redacting data relating to third parties where their consent is unavailable.

DSAR as a Service

We can support you throughout this complex process with DSAR as a Service. Our team of experienced data privacy lawyers will manage the process on your behalf to ensure requests are completed in accordance with, and in the time frame prescribed by, the GDPR. This involves:

  • Reviewing and assessing the nature and validity of the DSAR
  • Verifying the individual’s identity
  • Locating the data – liaising with the appropriate person or department to acquire all the personal information relating to the individual
  • Information screening – obtaining consent from third-party individuals where their personal information is contained within the search results and, where it is unobtainable, applying redactions and exemptions
  • Formally disclosing the information to the individual
  • Documenting the facts relating to the DSAR
  • Liaising with the relevant supervisory authority if needed

COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow us to provide consultancy services, penetration tests, and training remotely where necessary. Please also refer to our COVID-19 policy.

How does the service work?

Service options

Small Standard Enterprise Bespoke
Approximately 5 to 10 DSARs annually Approximately 11 to 20 DSARs annually Approximately 21+ DSARs annually According to your needs
50 hours included 100 hours included 150 hours included Includes ability to service one-off DSARs

Customer reviews

This website uses cookies. View our cookie policy