
Data Subject Rights Request Management


Relevant GDPR Articles

  • Article 12: Exercise of the Rights of the Data Subject

  • Article 13, 14: Right to Be Informed

  • Article 15: Right to Access

  • Article 16: Right to Rectification

  • Article 17: Right to Erasure (“Right to be Forgotten”)

  • Article 18: Right to Restriction of Processing

  • Article 19: Notification Obligation

  • Article 20: Right to Data Portability

  • Article 21: Right to Object

  • Article 22: Object to Automated Individual Decision Making

  • Article 7(3): Right to Withdraw Consent


Research in May 2018 by BSi showed that while over one third of firms considered themselves highly likely to receive a complex Data Subject Access Request, nearly 60% of them had no process or procedure for complying.

Our experience is that firms across the spectrum are regularly receiving DSARs and are struggling to comply within the allowable timeframe. Gartner estimate that on average it costs a firm $3,000 to comply with each DSAR. If there is a large volume of unstructured data to be reviewed, this number can increase exponentially. Most firms do not track the costs associated with each DSAR, so they cannot build a business case for implementing better business processes aimed at avoiding the incidence of DSARs.

Triggering the highest penalties and the risk of class actions, the management of data subject rights in line with legislation is critical. This complex area of data privacy encapsulates the types of requests coming in, the act of finding the data to fulfil a request as well as the documentation, response times, identity validation and security requirements.

The Data Privacy Group have in-depth experience of handling Data Subject Access and other Subject Rights Requests. We use the OneTrust tool set to provide the automation and overlay it with decades of expertise to build fully compliant workflows that are integrated with your data map and IT service management tools for automatic data mining to extract the necessary data. Finally, we bring fully approved templates for the communications with the data subjects making the requests.


Our Services Include

  • Implementation of End-to-End Workflow Automation and Record Keeping

  • Creation of a fully customised portal and integration into your website

  • Implementation of fully compliant workflows

  • Integration with the underlying data map

  • Integration with IT Service Management tools

  • Consolidation of requests from multiple sources

  • Auto-Delete Non-Essential Data with Retention Policies

  • Secure communication of responses to Data Subjects

  • Creation of audit trails and reports for compliance reporting

  • Location and Redaction of Personal Data for Data Subject Access Requests

  • Automatic Search of unstructured data (email, MS Word, Excel, PDF, etc.) for personal data

  • Bulk scanning of paper-based files and automatic location of personal data

  • Redaction or removal of non-related personal data

  • Creation of DSAR packet for Data Subject
