Subject Access Requests

Subject Access Request

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Reduce the cost and time of meeting SARs while keeping secure and compliant.

Typically SARs need to be managed by a trusted employee with strong attention to detail or outsourced to a lawyer. This makes the SAR process time-consuming, and therefore, expensive.

DPOPlus offers an affordable, intelligent and secure cloud-based solution to this problem.

Using advanced AI, our software scans and interrogates your organisation’s files (like an internal search engine).

With our service, the cost and time of meeting SARs is much less than the manual method – minutes and hours rather than days and weeks.

Crucially, with DPOPlus, you can also demonstrate that your processes are secure and compliant to the ICO through permanent evidence.

Key Benefits

  • Reduce the time and cost needed to meet SARs
  • Demonstrate compliance to the ICO
  • Remove the likelihood of human error from the process
  • You stay in control at all times
  • You get back the time and effort this process creates

Request Help

What is a SAR?

Under the UK’s data protection legislation, people (data subjects) have the right to find out if an organisation is using or storing their personal data. To exercise this right, all they have to do is ask for a copy of this data. This is called making a subject access request (SAR).Individuals can also use a SAR to ask if their data is being shared with anyone else (and if so, why and how), how long an organisation plans to store their data, the reasons for this decision, and information on where their data came from.

The law requires organisations to respond to a SAR within one calendar month (this can be extended to three months but you will have to justify this delay).

If the SAR is not met in time, data subjects can raise a complaint with the ICO.

You can only refuse a request if it is ‘manifestly unfounded or excessive’ and the ICO is now fining companies for ignoring SARs.

As such, organisations must put processes in place to ensure that ALL requests are recorded and appropriately actioned or risk financial penalties.

Request Help

How our SAR processing service works

  • Using advanced AI, our software scans and interrogates your organisation’s files and can identify data subjects using a range of variables (e.g. full name, surname, forename, other names they might be known by, context etc.)
  • With advanced filtering, we can assess what data needs to be included and what can be left out. Typically this cuts the amount of data by around 80%
  • We redact any content that is not relevant to help keep you compliant
  • We hand this filtered info back to you to decide what to do with it
  • Our clever tool will return the info requested in a PDF format that can safely be shared with the requestor.

A rigorous approach to security

ISO 27001 certified, we have a rigorous approach to security design that complies with the latest ICO guidance and data protection regulations.
We will also work with you to set any security standards you need. For example:

  • What type of data we have access to
  • How long we have access to this data.

DPOPlus at a glance

  • AI technology. Our AI-platform reflects and responds to developing legislation, IG best practices, claimant behaviours and the performance of the ICO
  • Real-world insight. Our services are informed by real-world experience of business governance, process improvement, data protection, information security and solicitor-led expertise
  • A secure solution. ISO 27001 certified, we have a rigorous approach to security design that complies with the latest ICO guidance and data protection regulations.