Skip to content Skip to footer

Loading Results

Data Subject Access Requests (DSARs)

Helping you meet data requests

Under GDPR, businesses are required to respond to Data Subject Access Requests (DSARs) within 30 days of receipt and without undue delay. Finding, analysing and producing relevant data for a data subject can be challenging, particularly when the timetable is so tight.

At PwC, we help our clients to deal with rights requests in a cost effective, timely and defensible way. By combining data experts from across the firm, we can offer you the skills and experience of legal professionals, ediscovery and data experts to help you understand the scope of the request and respond, with minimum disruption to your business.

DSARs volumes are rising

All companies, large or small and irrespective of their sector, must comply if they receive a DSAR. As the public becomes more aware of GDPR and their data rights, the volume of DSARs received by businesses will only increase in the future. Finding and delivering the right data within the 30-day deadline is a challenge and regulators have not been reticent about issuing fines to companies that fail to comply.

DSARs present significant challenges for companies:

  • Finding the data. Companies aren’t always aware of where personal data is stored within the organisation. Once the relevant systems have been identified, collating all relevant data into one place and in a consistent format can be difficult.
  • Reviewing the content. Depending on the volume of requests, reviewing data can be costly and time-intensive without the right processes and methodology.
  • Delivering the outcome. It’s essential to understand what steps need to be taken before the data is delivered to the subject, including obtaining an appropriate sign-off.

Many companies are attempting to meet the rising volume of DSARs manually, and reviewing each DSAR can be cost-intensive, but this is a difficult process without the right processes and the help of technology. The risks are rising – but we can help.

How we can help

In partnership with cutting-edge technology vendors, we tailor our approach to each business. We can, for example, review the data landscape to help look for ways to simplify the collation of data, and design an efficient and repeatable workflow or process to suit your requirements. We make sure that insights are captured and fed back to the business, allowing you to develop the strategy and governance practices that will help you manage these requests at scale.

Bringing together data experts from a number of practice areas, we are able to provide expert forensic, legal, data discovery and intelligent review services through a single team. Our teams are truly global and particularly adept at managing data requests and challenges at scale, with on-the-ground expertise available in all major EU countries and across the globe.

We take a three-step approach to rights requests:

1. Identifying the data

Using data experts who specialise in scoping and understanding DSARs and their complexity, especially at scale, we analyse the data landscape, collate and de-duplicate information, and use automated techniques to identify personal data quickly.

View more

2. Review

Using a combination of technology and human-based review we can summarise and identify the data that is within scope of each request, and carry out document review and redactions on your behalf.

View more

3. Delivery

We create automated workflows to facilitate the end-to-end DSAR process, from validating the initial request to sharing data with the data subject.

View more

How can we help you to overcome these challenges?

Contact us

Denzil Coelho

Denzil Coelho

Director, PwC United Kingdom

Tel: +44 (0)7725 706596

Craig McKeown

Craig McKeown

Partner, PwC United Kingdom

Tel: +44 (0)7841 494473

Follow us