Try SecurEnvoy

Data Subject Access
Request (DSAR)

Compliance to data protection regulations is
essential and costly if ignored.

SecurEnvoy solutions help your business remain
compliant by allowing you to discover data that
corresponds to a DSAR request.

data subject access requests

What are Data Subject Access Requests?

Data Subject Access Requests (DSARs), also referred to as Subject Access Requests (SARs) are an important component of data protection regulations around the world, such as GDPR.

A Subject Access Request enables an individual (data subject) to ask for any personal data that an organisation might hold on them.

SARs allow people to have more control over their data. Individuals are becoming more aware of SARs (alongside the “Right to be Forgotten”) and are increasingly receiving legal advice to use SARs in disputes with companies. In some cases, requests are also being used by ex-employees to gain more information about
reasons for dismissal.

Subject Access Requests are a key component of
data regulations around the world:

  • Australia Privacy Act
  • California Consumer Privacy Act (CCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
  • General Data Protection Regulation (GDPR) – EU
  • Information Technology Act 2000 – India
  • Act on the Protection for Personal Information (APPI) – Japan
  • Protection of Personal Information Act (POPIA) – South Africa

Why DSARs are important

Rules differ between the different regulations. GDPR, for
example, stipulates that a SAR must be responded to within
30 days.

In the UK, if a Subject Access Request is ignored by an
organisation or it does not provide all the personal data held,
then the Information Commissioner’s Office (ICO) may issue
an enforcement notice, and failure to comply with the notice
is a criminal offence and can cost the business up to 4% of
global turnover.

The challenge of fulfilling a DSAR

Fulfilling a SAR can be a real challenge and time consuming for companies with huge amounts of data residing in multiple endpoints, file servers, cloud storage, and databases.

When a company receives a SAR, they are required to extract all the personal data held, but also need to prove that they have looked for data across the entire estate. SecurEnvoy Data Discovery can assist in this process by searching data stores across your estate quickly.

data subject access requests

Introduction to SecurEnvoy Data Discovery

Watch the video >

Quickly and effectively respond to Data Subject Access Requests


Sensitive data discovery

SecurEnvoy’s Data Discovery tool makes dealing with Subject Access Requests straightforward.

SecurEnvoy Data Discovery is a comprehensive solution for sensitive data discovery which must take place before data classification and data control can happen as part of a wider Data Loss Prevention project.

Once the SAR policy is set up, it can be run across file
servers, databases and cloud services to find all the existing
data. Data can also be extracted from images, scanned
documents and emails.

Copies of the files and data found can then be made and
forwarded on to the person requesting the data after
suitable redaction is carried out with third party tools. If a
right to be forgotten request is received, the data can then
be moved to a file server and relevant files and information
redacted using third party tools and the data can then be

DSAR Compliance

Executing a SAR using
SecurEnvoy Data Discovery

Watch the video >