Data Subject Access Requests (DSAR)

Data Subject Access Requests (DSAR) Services by Cyforce

CYFORCE provides the industry’s leading end-to-end DSAR service, significantly reducing the time it takes to prepare and conduct appropriate responses to Data Subject Access Requests. Backed by advanced customer success programs and the world’s fastest data processing power, CYFORCE is the trusted choice for organisations around the world. Utilising cutting-edge forensic processing software, bespoke DSAR workflows and advanced document review technology, we can efficiently identify, search, filter, redact and provide a focused data set for review. This GDPR-compliant workflow is efficient, forward-thinking and cost-effective.

What are Data Subject Access Requests?

Data Subject Access Requests (DSARs) are made by individuals who want to obtain details on the type and extent of personal information an organisation holds about them. Data Subject Access Requests also help individuals understand how, why and when organisations use their data. An individual can submit a DSAR either verbally or in writing and a request can be made to any part of an organisation. A DSAR does not have to be directed to a specific person or point of contact and the recipient must respond to the request within 30 days.

The DSAR Problem

Privacy laws such as the General Data Protection Regulation (GDPR) and the 2020 California Consumer Privacy Act (CCPA) are constantly increasing awareness around personal data protection and individual privacy rights. The demand placed on organisations to comply with such privacy laws is now considerable, and complying is becoming increasingly difficult, costly and time-consuming. Data Subject Access Requests are often tactically deployed when there is an ongoing dispute; for example, during an employment tribunal. There has been a significant rise in DSARs since the GDPR, as well as an influx of complaints to the UK’s Information Commissioner’s Office (ICO) because requests have not been dealt with in the appropriate timescale, or the requested documentation has not been provided at all.

The DSAR Solution

With GDPR in full effect, many organisations are having to adapt by implementing new internal guidelines and procedures, but significantly fewer organisations have explored new assistive technology to deal with Data Subject Access Requests efficiently and effectively. Aside from the internal technological requirements and commercial impact felt when handling DSARs in-house, in our experience, no two requests are the same, and if completed correctly the process is rarely straightforward. Subject data is often buried within everyday business communication, which makes it difficult to locate. CYFOR’s advanced online review technology is specifically designed to search, filter and process large volumes of electronic data.

CYFORCE’s end-to-end DSAR solution

Respond sooner, reduce risk, and meet obligations with unrivalled visibility into your DSAR data.

The DSAR Journey Timeline

PHASE 1: Consists of two main steps: first, collating all relevant data from our clients’ systems, and then securely transferring the bulk of data to us. Data collation can be done in-house, where our clients choose to find and extract the relevant subject information from their systems themselves. If they require assistance with this, our data protection partners can be instructed to help with finding all information relevant to the request. Once the bulk of data has been collated, it will then need to be sent to us, and this can be done using a number of secure methods. These include secure file transfer protocol (S-FTP), remote data collection or a secure courier service.

PHASE 2: Consists of two steps: firstly, structuring the data to ensure that it is in a searchable format, and secondly, reducing the data size by using the filtering techniques and search types below:
  • De-duplication: the removal of duplicate documents.
  • Email Threading: providing the single email conversation that starts with an original email and includes all the subsequent replies and forwards pertaining to that original email.
  • Date Range: for example, the date relating to the data subject’s employment.
  • Key Words: CYFORCE can run any word as a search term. For example, HR, Dismissal, Payroll.
  • Custodians: CYFORCE can search for the data subject’s personal information such as Names, Emails, Home addresses, NI and Banking information.
  • File Types: CYFORCE can search across files and document types such as Emails, Microsoft Word, Excel, PowerPoint.
PHASE 3: Once the data size has been reduced, it is then uploaded onto our specialist online DSAR platform, which is where the review is done. If any of our clients are unable to carry out the review process themselves, then our data protection partners can be instructed once more. They will use their well-trained and highly skilled team to conduct an accurate review of every page of information, and code/tag the content of each document according to relevance and confidentiality (personalised coding options available). Throughout this stage, our partners will provide daily status updates on the progress of the review, and once complete, the final coded documents will then be re-reviewed for quality assurance.

PHASE 4: Once the review is complete, CYFORCE will produce the disclosable documents, ready to deliver to the data subject. Typically, we will produce the documents as non-searchable PDFs, to ensure all redactions are burnt in correctly. CYFORCE will then upload the documents back onto our Secure File Transfer Protocol (S-FTP) for our clients to download.