Try SecurEnvoy

Data Subject Access
Request (DSAR)

Compliance to data protection regulations is
essential and costly if ignored.

SecurEnvoy solutions help your business remain
compliant by allowing you to discover data that
corresponds to a DSAR request.

data subject access requests

What are Data Subject Access Requests?

Data Subject Access Requests (DSARs), also referred to as Subject Access Requests (SARs) are an important component of data protection regulations around the world, such as GDPR.

A Subject Access Request enables an individual (data subject) to ask for any personal data that an organisation might hold on them.

SARs allow people to have more control over their data. Individuals are becoming more aware of SARs (alongside the “Right to be Forgotten”) and are increasingly receiving legal advice to use SARs in disputes with companies. In some cases, requests are also being used by ex-employees to gain more information about
reasons for dismissal.

Subject Access Requests are a key component of
data regulations around the world:

  • Australia Privacy Act
  • California Consumer Privacy Act (CCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
  • General Data Protection Regulation (GDPR) – EU
  • Information Technology Act 2000 – India
  • Act on the Protection for Personal Information (APPI) – Japan
  • Protection of Personal Information Act (POPIA) – South Africa

Why DSARs are important

Rules differ between the different regulations. GDPR, for
example, stipulates that a SAR must be responded to within
30 days.

In the UK, if a Subject Access Request is ignored by an
organisation or it does not provide all the personal data held,
then the Information Commissioner’s Office (ICO) may issue
an enforcement notice, and failure to comply with the notice
is a criminal offence and can cost the business up to 4% of
global turnover.

The challenge of fulfilling a DSAR

Fulfilling a SAR can be a real challenge and time consuming
for companies with huge amounts of data residing in
multiple endpoints, file servers, cloud storage, and

When a company receives a SAR, they are required to
extract all the personal data held, but also need to prove
that they have looked for data across the entire estate.
SecurEnvoy DLP can assist in the process by automatically
searching your data stores for relevant information.

data subject access requests

DSARs and why they
are important

Watch the video >

Quickly and effectively respond to Data Subject Access Requests



SecurEnvoy’s Data Loss Prevention (DLP) and Data
Discovery Essentials (DDE) tools make dealing with
Subject Access Requests straightforward.

The Data Discovery Suite in SecurEnvoy DLP has
pre-built terms for common data including personal
details, such as; address, national insurance, passport
number and telephone numbers. These can be
augmented with custom search terms relating to an
individual to ensure only the subject’s data is returned.

Once the SAR policy is set up, it can be run across file
servers, databases and cloud services to find all the existing
data. Data can also be extracted from images, scanned
documents and emails.

Copies of the files and data found can then be made and
forwarded on to the person requesting the data after
suitable redaction is carried out with third party tools. If a
right to be forgotten request is received, the data can then
be moved to a file server and relevant files and information
redacted using third party tools and the data can then be

Read more about the SecurEnvoy DLP Platform >

DSAR Compliance

Executing a SAR using
SecurEnvoy DLP

Watch the video >

SecurEnvoy Data Loss Prevention

Essential for meeting the growing demand for Subject Access Requests

Take a look at SecurEnvoy DLP in action