Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045

Corporate Investigations

Data Subject Access Requests (DSARs)

Senior Executive Leavers

CYFOR’s DSAR Compliance Service significantly reduces the time it takes to prepare a DSAR response, improves the accuracy of disclosable content, and retains valuable team resource. We operate customised eDiscovery technology with machine learning which allows us to easily locate, extract, organise, filter and review data across any operating system. Combined with this technology, we apply a forensically sound methodology to ensure the correctness of exposed information is in line with GDPR regulations.

Data Subject Access Requests (DSARs) Compliance Service

Dealing with Data Subject Access Requests (DSARs) can be a complex and time-consuming task. This is compounded if the volume of personal data held by an organisation is extensive and if it is held in various formats across a range of systems that may not be corresponding with each other.

As leading digital forensic and eDiscovery specialists, we have invested in advanced online review technology specifically designed to search, filter and process large volumes of electronic data. Incorporating advanced keyword filtration technology, data analytics and machine learning, these platforms can search across any of your chosen systems to recover the information you require. We can also digitally redact any relevant documents that contain legally privileged information which is not disclosable to the data subject.

DSAR Workflow

CYFOR’s workflow outlines the processes undertaken to validate, collect, process, host and review all data in relation to a DSAR.

We can also provide a data flow map, which is designed to help you understand the general flow of personal data through your business, allowing you to improve efficiency in DSAR and GDPR compliance.




  • Significantly reduces DSAR response time ensuring the 30-day deadline is met.
  • Improves the accuracy of disclosable information.
  • Retains valuable team resource.
  • Operate customised eDiscovery technology with advanced keyword filtration technology, data analytics and machine learning.
  • Incorporation of forensically sound methodology.
  • GDPR regulation compliance.
  • Redaction of legally privileged information.
  • Easy-to-use document review platform.
  • Data Subject Access Request:

The data subject makes a request to an organisation. This can be done verbally, in writing, or via email.

  • Validation:

The organisation determines whether the request is valid, and confirms the identity of the requester. They can then provide CYFOR with all data for interrogation.

  • Data Collection:

Data can be provided via secure file transfer, onsite acquisition by a CYFOR expert, or by the collection of a physical storage device.

  • Data Processing:

Data is processed, de-duplicated and indexed. Indexing gives you the ability to run keyword searches over the extracted data, enabling identification of personally identifiable information.

  • Data Hosting:

Once keyword responsive documents have been identified, they are uploaded to our online review platform and are available for review and redaction.

  • Document Review:

CYFOR will review documents for Legal Privilege and other subject’s personally identifiable data.

  • Production:

Once the documents have been reviewed and redacted, CYFOR will provide production of the relevant documents that can be provided to the data subject.

What are Data Subject Access Requests (DSARs)?

The use of electronic devices is constantly increasing and therefore, so is the amount of data being generated. Under regulations such as the Global Data Protection Act (GDPR), individuals are becoming increasingly aware of their personal data protection and privacy rights. Furthermore, the appetite for understanding how personal data is controlled, processed and distributed is also on the rise.

Data Subject Access Requests (DSARs) are formally written requests (via email, letter, fax or social media) for personal information. They are often used by individuals who want to be provided with any personal information an organisation holds about them. For example, an employee may send a DSAR to an employer as part of a grievance, disciplinary or employment tribunal process. The personal information that an individual can request usually includes:

  • Confirmation about whether any personal data is being processed about them.
  • A description of the personal data.
  • The reasons the data is being processed.
  • Whether the data is shared with any other organisation or people.
  • Copies of information comprising the data.
  • Details of the source of the data (where the data is available).
What is classified as personal data?

The European Commission defines personal data as any information that relates to an identified or identifiable living individual. Multiple pieces of information when collected together can lead to the identification of a particular person, so would also constitute personal data.

Data controllers

Data controllers are the organisations being issued with a DSAR as they hold the personal data. They are required to comply with the request promptly and within 30 days of the request. As individuals become more and more aware of this right, clients are coming under increasing pressure to deal with these requests in accordance with the GDPR.

We are instructed by both law firms and companies directly. Contact us today to respond to your Data Subject Access Request quickly and efficiently.

London: 0207 438 2045

Manchester: 0161 797 8123

Manchester: 0161 797 8123

London: 0207 438 2045

We are instructed by both law firms and companies directly. Contact us today to respond to your Data Subject Access Request quickly and efficiently.

London: 0207 438 2045

Manchester: 0161 797 8123

Manchester: 0161 797 8123

London: 0207 438 2045

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the new General Data Protection Regulation (GDPR) act, 2018.