Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on GDPR for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Data Subject Access Request (DSAR)

Pragmatic and tailored approach to GDPR compliance

FREE GDPR Compliance Review

High-level review of your GDPR compliance position.

Offer is valid until

29/8/2024

Find out more

Data Subject Access Request (DSAR)

The General Data Protection Regulation (GDPR) provides data subjects with a number of data protection and privacy rights, including the ‘right of access’, i.e., the right to receive a copy of all of their personal data that is held by a particular organisation.  This right is exercised by data subjects making a data subject access request (DSAR), which organsiations are, in almost every circumstance, obligated to fulfil.  

Responding to and fulfilling DSARs in full compliance with the GDPR can often be an extremely complicated process; the data subject cannot be provided with any data that identifies another living individual, and any information that does (directly or indirectly) identify another living individual will need to be redacted.  Certain elements of the data may also need to be redacted in line with the legal exemptions (circumstances where you do not need to provide a data subject with their data) defined in Schedule 2 of the Data Protection Act 2018 (DPA 2018).   Due to the extensive data protection knowledge and specialist skills required to compliantly perform such a task, and the time limit of (in most cases) 30 days to fulfil these requests, responding to DSARs can be an extremely arduous and inconvenient process for organisations.

URM can provide these skills through its knowledgeable and experienced Data Protection Team, offering an outsourced DSAR management service.  Our consultants are able to apply the appropriate redactions to any documents supplied, delivering a human, rather than an electronic solution, which is strongly believed to be more effective and appropriate.  As guided by the Information Commissioner’s Office (ICO), it’s essential to understand the context of a DSAR and this can only really be achieved where the raw material is read by a human eye.  

URM’s data protection experts can manage the whole DSAR process; once the raw data has been gathered, URM will sift through, remove duplicates, and identify the correct documents for redaction and disclosure.  Following the redaction service, URM is able to package the DSAR together for disclosure – all within the time limit defined by the Regulation.  If required, URM is also able to act as your representative with the UK regulator where a DSAR is contested.

Meanwhile, if you would like to develop your internal teams to become more confident and compliant in their management of DSARs, URM delivers a 1-day ‘How to Manage DSARs’ training course which provides clear and practical instruction and guidance on dealing with all aspects of a data subject access request (DSAR).

Get in touch

Please note, we can only process business email addresses.

Why URM?

Track record

URM’s DP and GDPR consultants have extensive ‘real world’ experience as both practitioners and subject matter experts working at a senior level within business and in their data protection consulting roles advising organisations on best practice.  With a 19-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach.

Flexible service offerings

A key differentiator between URM and other data protection service providers is our flexible service offerings.  Our virtual DPO service can be customised to your precise requirements, in terms of the type of support you require and the frequency of site days (remote or on site) etc. Equally, with our remediation support, URM can assist you address any gaps identified and achieve full GDPR compliance. We can also help you maintain that compliance with GDPR auditing services.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which helps to ensure that you not only understand what the principles and requirements of the GDPR are but how to best meet them.

Information Security FAQ

DUA Bill: An Initial Assessment

Published on
31/10/2024

URM’s blog compares the Government’s new Data (Use and Access) Bill with the previous Government’s DPDI Bill, & how it may alter the UK GDPR when it is passed.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
27/9/2024
Data Protection Considerations for Monitoring Employees

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
13/9/2024
How to Conduct a Legitimate Interest Assessment (LIA)

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
30/8/2024
The ICO Issues its First Notice of Intention to Fine a Data Processor

URM’s blog explores the first provisional monetary penalty imposed by the ICO exclusively on a data processor & the lessons that can be learned from the case.

Read more
"
I Have been very impressed with the delivery of both the ISO 42001 webinar and last weeks 27001 and will certainly keep URM in mind with regard to any services in the future.
Webinar Attendee
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.