Individuals have the fundamental right to make a DSAR (i.e. a request that an organisation provides details of the personal information being stored about him/her) and organisations have to respond.


Organisations are facing an up-swell in requests, which is likely to increase further when the GDPR comes into effect in May 2018. The GDPR will abolish the fee currently applicable, which the government anticipates may lead to an increase in DSARs of between 25-40%. It also reduces the time limit from 40 to 30 days. This will increase the burden on businesses, especially if handled wrong.

Clients tell us that resourcing these requests is often challenging and the law is complex. Additionally, the repercussions of getting it wrong can be significant. Hand over too little information and risk enforcement action by the regulator or a claim in the courts. Hand over too much and risk disclosing confidential and/or commercially sensitive information, or information about third parties, which could also lead to regulatory action and/or litigation.

This is why AG have put together a complete package from offering fixed price training for companies to develop best practice and robust policies, to document review, hosting and processing requests. It provides clients with certainty that they are meeting their obligations. We will make handling DSARs easier, quicker and cheaper to deal with.

Download our Data Subject Access Requests booklet for more information

If you would like to find out more about how we can support you, please get in touch.

Key Contacts

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile
David Hackett

David Hackett

Partner, IP/IT & Data Protection
Dublin, Ireland

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile