A data subject access request, or ‘DSAR’, is a request made by an individual to an organisation for access to the personal data that the organisation holds on that individual.
The General Data Protection Regulation requires organisations that hold personal data on individuals to provide them with a copy of that personal data, in most cases without charge and, typically, within one month of receipt of a request.
Organisations can be on the receiving end of DSARs from clients, customers and employees. They are, perhaps, need to be applied to the review of each collected to determine whether the Item should be produced to the Individual, withheld or redacted; and, the need to balance those rules against the Individual’s own legal rights. most common in the context of a dispute and are often used to gather evidence for a claim or to apply pressure on an organisation as part of exit negotiations.
There Is no prescribed format for making a DSAR – requests may be made verbally or In writing – and organisations have very limited grounds to reject a DSAR. Where organisations elect to reject a DSAR, they are still required to explain to the Individual what Is wrong with the request and Inform the Individual of their right to appeal the decision to the relevant supervisory authority.
DSARs can present organisations with capacity and capability challenges.
This Is due to several factors, Including: the number of DSARs that organisations are now receiving; the number of electronic and hardcopy Items that are being returned for review; the complex legal rules that need to be applied to the review of each collected to determine whether the Item should be produced to the Individual, withheld or redacted; and, the need to balance those rules against the Individual’s own legal rights.
We can assist you manage the DSARs from start to finish.
Condor is a division of Fieldfisher, a European law firm with a market leading data protection practice. Condor uses e-discovery tools to more efficiently and effectively process, analyse, review and predictively code your collected data. Once your team has identified and collected data from relevant data sources (e.g. local hard drive, network drive, SaaS applications, mobile devices and archives), we will provide you with credentials to securely upload the data to our e-discovery platform. We will then index and process the data, culling documents by applying filters, de-duplication and date ranges.
We then use advanced analytics tools and keyword searches created in consultation with your team to further reduce the number of documents and, potentially, to produce a review set which is more responsive to the subject access request.
Condor uses paralegals, trained by Fieldfisher’s data protection lawyers and managed by Condor’s project management function, to undertake the document review. The paralegals assess whether the documents are within the scope of the request, whether the documents are exempt from production and apply redactions (where appropriate) to those documents that are responsive and not otherwise exempt from production to the individual. We give you the option of undertaking a second-level QC review or can arrange for a second-level QC review to be done by a Fieldfisher data protection lawyer.
Condor will provide you with an electronic copy of the responsive documents that are not otherwise exempt from production to the individual. Typically, we produce documents in a PDF format (with the redactions ‘burned’ into the image to prevent the redactions from being removed) but we can provide the responsive documents in other formats.
DSAR Support packages
Each of our DSAR support Packages includes:
- Secure Data Transfer
- Data Processing
- Data Hosting (3 months)
- Project Management
- Analytics Support (5 hours)
- User Access (3 Users for 3 months)