DSAR Compliance Library

Quick answers to your most pressing GDPR and DSAR questions, tailored for UK SMEs.


Essential Guides

A **Data Subject Access Request (DSAR)** is a legal request under UK GDPR that allows an individual (data subject) to ask an organisation (data controller) if their personal data is being processed, and if so, to receive a copy of that data and supplementary information.

Yes, you must respond. Unless an exemption applies, you are legally required to respond to a DSAR **within one calendar month** of receiving the request. Failure to respond correctly or on time is a breach of GDPR and can lead to significant scrutiny and potential fines from the Information Commissioner's Office (ICO).

DSAR Helper is designed to track this critical 30-day window from the moment the request is logged.

Before you disclose any personal data, you must take **reasonable steps** to verify the identity of the person making the request. Releasing sensitive personal data to the wrong person is itself a serious data breach.

**Reasonable Steps include:** Asking for information you already hold (like a customer account number or date of birth) or, in high-risk cases, requesting a copy of an official document (ensuring the document is verified and then deleted).

DSAR Helper requires you to tick the **Identity Verified** box before you can start processing the data, ensuring this vital compliance step is never missed.

The DSAR response is not just the personal data itself; it requires supplementary information to be fully compliant. Your final PDF response must cover:

  • The **personal data** categorised clearly (e.g., Contact, Purchase).
  • The **source** of the data (where it came from, e.g., "customer sign-up form").
  • The **purpose** of processing (why you use it, e.g., "contract fulfilment").
  • The **retention period** (how long you will keep it).
  • Details of any **third-party sharing** (who you have sent the data to).
  • Information on the data subject’s **rights** (rectification, erasure, etc.).
  • Contact details for the **ICO**.

DSAR Helper's final generation step ensures all these elements are captured and included in the professional PDF output.
