Data Subject Access Request (DSAR)

Compliance with data protection regulations is essential, and ignoring it is costly.

SecurEnvoy solutions help your business remain compliant by allowing you to discover data that corresponds to a DSAR request.

What are Data Subject Access Requests?

Data Subject Access Requests (DSARs), also referred to as Subject Access Requests (SARs), are an important component of data protection regulations around the world, such as GDPR.

A Subject Access Request enables an individual (data subject) to ask for any personal data that an organisation might hold on them. SARs allow people to have more control over their data. Individuals are becoming more aware of SARs (alongside the “Right to be Forgotten”) and are increasingly receiving legal advice to use SARs in disputes with companies. In some cases, requests are also being used by ex-employees to gain more information about reasons for dismissal.

Subject Access Requests are a key component of data regulations around the world:

  • Australia Privacy Act
  • California Consumer Privacy Act (CCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
  • General Data Protection Regulation (GDPR) – EU
  • Information Technology Act 2000 – India
  • Act on the Protection for Personal Information (APPI) – Japan
  • Protection of Personal Information Act (POPIA) – South Africa

Why DSARs are important

Rules differ between the different regulations. GDPR, for example, stipulates that a SAR must be responded to within 30 days. In the UK, if an organisation ignores a Subject Access Request or does not provide all the personal data held, the Information Commissioner’s Office (ICO) may issue an enforcement notice. Failure to comply with the notice is a criminal offence and can cost the business up to 4% of global turnover.

The challenge of fulfilling a DSAR

Fulfilling a SAR can be challenging and time-consuming for companies with huge amounts of data residing in multiple endpoints, file servers, cloud storage, and databases.

When a company receives a SAR, it is required to extract all the personal data held, and it also needs to prove that it has looked for data across the entire estate. SecurEnvoy Data Discovery can assist in this process by searching data stores across your estate quickly.

Introduction to SecurEnvoy Data Discovery

Quickly and effectively respond to Data Subject Access Requests


Sensitive data discovery

SecurEnvoy’s Data Discovery tool makes dealing with Subject Access Requests straightforward. SecurEnvoy Data Discovery is a comprehensive solution for sensitive data discovery, which must take place before data classification and data control can happen as part of a wider Data Loss Prevention project.
Once the SAR policy is set up, it can be run across file servers, databases and cloud services to find all the existing data. Data can also be extracted from images, scanned documents and emails.

Copies of the files and data found can then be made and forwarded to the person requesting the data, after suitable redaction is carried out with third-party tools. If a right to be forgotten request is received, the data can be moved to a file server, the relevant files and information redacted using third-party tools, and the data then deleted.

DSAR Compliance

Executing a SAR using SecurEnvoy Data Discovery
