Creating an Effective Data Subject Access Request (DSAR) Process


Individuals have the right to see what information organisations store on them and the requests for this information are called Data Subject Access Requests (DSARs). After the introduction of the GDPR, it is recognised as a fundamental aspect of the legislative framework’s ethics of transparency, control and accountability.

The risk of non-compliance is huge. The GDPR’s maximum penalty is 4% of global annual turnover or €20 million – whichever is higher. And with only a 1-month window to comply, it can be difficult for companies who are not sufficiently organised to fulfil DSAR requests.

Organisations need to address significant challenges in order to comply, including:

  • No workflow: Organisations are playing catch-up with the regulations, and typically have no prescribed workflow, which is key from a regulatory and an auditability standpoint
  • No Data Inventory: Organisations MUST know where their your data is, which data sources they reside in, what data types they hold and categorise PII (personal identifiable information). Without and effective Data Inventory, how can an organisation be sure to know where ALL of their data resides?
  • Manual Collection: Requests made to busy IT departments, teams of reviewers having to look at the data, handing over the data to the data subject – all very challenging to fulfil manually. Organisations need to use technology to assist wherever possible. 
  • Number of Requests: A manual process may service 1 or 2 requests a quarter, but what about organisations who get hundreds or even thousands of requests per quarter?

Exterro’s recent webinar, How To Create An Effective DSAR Response Process, included speakers Daniel Cope, Global Head of HR Data Privacy at HSBC and Gurdev Bhogal, EMEA E-Discovery Solutions Consultant at Exterro, who discussed how to effectively respond to DSARs and help organisations overcome the challenges and the essential steps for compliance.

Click this link to watch the webinar recording.

For more information on DSARs or to find out how your organisation can benefit from Exterro’s data privacy software and how they can help address some of the challenges, such as Data Subject Access Requests, visit the Exterro website here.