Resources
Guides, tutorials, and tips for handling data subject access requests.
EDPB 2026 enforcement focus: transparency
EU data protection authorities will scrutinise privacy notices and information obligations under GDPR Articles 12 to 14 in this year's coordinated action.
All news and updatesA complete ebook covering what DSARs are, who they apply to, and how to respond — step by step.
Ready-to-use templates for acknowledging, responding to, and closing out data subject access requests.
How to verify the identity of someone making a DSAR — without overstepping or under-checking.
Jurisdiction Guides
The most well-known US privacy law. Applies if you earn $26.625M+ or handle 100K+ consumers.
Applies to any business serving EU residents — no size threshold. Fines up to 4% of global revenue.
No revenue threshold — applies to any business processing personal data of Texas residents.
How to Handle DSARs in SharePoint and Microsoft 365
Where personal data lives in M365 and how to use Purview Content Search for DSAR responses. Step-by-step with limitations.
Read more DSARHow to Make a Subject Access Request to the Police
How to submit a subject access request to UK police forces, what data they hold about you, Part 3 of the DPA 2018, police exemptions, and what to do if your request is refused.
Read more PIPEDAPrivacy Laws in Canada: Federal, Provincial, and Sector-Specific Guide
Complete overview of Canadian privacy laws. PIPEDA, Quebec Law 25, Alberta and BC PIPA, sector-specific rules, and employee privacy rights.
Read more DSARVexatious and Excessive DSARs: When You Can Legally Refuse a Request
When a DSAR is manifestly unfounded or excessive under GDPR Article 12(5). ICO guidance, real examples, and how to document refusal.
Read more DSARCan You Charge for a DSAR? Fees, Costs, and When You Can Say No
When you can charge for a DSAR response, how to calculate a reasonable fee, and comparison across GDPR, CCPA, and PIPEDA.
Read more ComplianceWhat Personal Data Do You Actually Hold? A Small Business Audit Guide
Most businesses hold more personal data than they think. A systematic walkthrough of where personal data hides in your systems.
Read more DSARHow to Make a Subject Access Request to the NHS
How to request your medical records from the NHS via subject access request. GP, hospital, and mental health records — step by step.
Read more ComplianceCCTV Footage Subject Access Requests: How to Handle Requests for Video Data
How to respond to subject access requests for CCTV footage. Legal requirements, redaction of third parties, retention periods, and practical steps for businesses.
Read more DSARHow to Make a Subject Access Request to the Home Office
Step-by-step guide to submitting a subject access request to the UK Home Office. What data they hold, required documents, timelines, and escalation.
Read more ComplianceData Breach Notification Requirements: A Multi-Jurisdiction Compliance Guide
When and how to report data breaches under GDPR, CCPA, PIPEDA, and other privacy laws. Notification timelines, who to notify, and what to include in your report.
Read more ComplianceChildren's Data and DSARs: Parental Access Requests and Age-Appropriate Compliance
How to handle DSARs involving children's personal data. Parental access rights, age of consent, competency assessments, and compliance under GDPR, CCPA, and COPPA.
Read more DSARSubject Access Request Form: How to Create and Process SAR Submissions
How to create an effective SAR form for your organization. Essential fields, best practices, and how to process incoming requests efficiently.
Read more ComplianceData Retention Policies and DSARs: How Long You Keep Data Affects How You Respond
How data retention policies affect DSAR responses. What happens when data has been deleted, retention period conflicts, and building retention schedules that support compliance.
Read more ComplianceAutomated Decision-Making and Profiling: Data Subject Rights Under GDPR
Guide to GDPR Article 22 rights against automated decision-making and profiling. When individuals can opt out, what businesses must disclose, and how AI changes the landscape.
Read more ComplianceRight to Object: When Data Subjects Can Stop You Processing Their Data
Guide to the right to object under GDPR Article 21. When individuals can object to processing, the direct marketing absolute right, and how businesses should respond.
Read more DSARDSAR Breach Compensation: What Happens When Responses Are Late
What happens when a DSAR response is late or incomplete. Compensation claims, tribunal decisions, and steps to take if you miss a deadline.
Read more ComplianceRight to Restriction of Processing: When Data Subjects Can Freeze Your Use of Their Data
What is the right to restriction of processing under GDPR Article 18? When individuals can request you stop processing their data, what it means in practice, and how to comply.
Read more ComplianceRight to Rectification: How to Handle Requests to Correct Personal Data
Guide to the right to rectification under GDPR Article 16. When individuals can request correction of inaccurate data, how to respond, and your obligations across jurisdictions.
Read more ComplianceRight to Data Portability: What It Means and How to Comply
What is the right to data portability under GDPR Article 20? How it differs from the right of access, when it applies, and how businesses should respond to portability requests.
Read more DSARWhat Must Be Included in a Subject Access Request Response?
Complete guide to what must be included in a SAR response under GDPR Article 15. Practical examples, formatting, and common mistakes.
Read more ComplianceData Controller vs Data Processor: Roles, Responsibilities, and DSAR Obligations
What's the difference between a data controller and data processor? How each role affects DSAR obligations, liability, and compliance requirements under GDPR and other privacy laws.
Read more ComplianceData Subject Rights: A Complete Guide to Privacy Rights Under GDPR, CCPA, and Beyond
Complete overview of all data subject rights under GDPR, CCPA, PIPEDA, and other privacy laws. What each right means, how they work, and what businesses must do.
Read more ComplianceWhat Is Personal Data Under Privacy Law? A Practical Guide
What counts as personal data under GDPR, CCPA, and other privacy laws. Categories, examples, and why it matters for DSARs and compliance.
Read moreData Privacy News: GDPR, CCPA & Privacy Law Updates
Latest data privacy news and regulatory updates. GDPR enforcement, CCPA changes, UK DUA Act, and global privacy law developments that affect how your business handles personal data.
Read more PIPEDAHIPAA vs PIPEDA: Understanding Health Data Privacy in Canada
HIPAA does not apply in Canada. Learn what PIPEDA and provincial health privacy laws require for health data protection and access requests.
Read more DSARHow to Automate DSAR Responses Without Enterprise Software
Automate your DSAR workflow on a small business budget. Email templates, spreadsheet trackers, free tools, and scrappy workflows that actually work.
Read more DSARCCPA DSAR Checklist: Everything You Need Before You Respond
Actionable checklist for handling CCPA consumer requests. Covers intake, verification, search, exceptions, response, and documentation.
Read more DSARCCPA DSARs: How to Handle Right-to-Know and Right-to-Delete Requests
Step-by-step guide to processing CCPA consumer requests: right to know, right to delete, right to correct, and right to opt out. Deadlines, verification, and exceptions.
Read more DSARCCPA DSAR Software: Tools for Handling Consumer Requests
What to look for in CCPA DSAR software. Intake, verification, data discovery, deletion tracking, and response management — without overspending.
Read more DSARCCPA Right-to-Delete Requests: How to Process Them Correctly
How to handle CCPA deletion requests step by step. Verification tiers, the nine exceptions, service provider notifications, and response requirements.
Read more DSARDeletion Request Differences: CCPA vs GDPR Response Requirements
How to respond differently to CCPA deletion requests and GDPR erasure requests. Side-by-side comparison of deadlines, verification, exceptions, and a unified process.
Read more DSARPII Found on the Web: How It Affects Your DSAR Obligations
What to do when personal data you hold is found exposed online. How it triggers DSARs, what to expect, and how to manage the overlap between breach response and DSAR fulfillment.
Read more DSARGDPR SAR Software: Tools for Handling Subject Access Requests
What to look for in GDPR SAR/DSAR software. Data discovery, redaction, deadline tracking, and response management for small businesses.
Read more DSARPII Scanning for DSAR Compliance: How to Find the Data You Need to Disclose
How PII scanning software supports DSAR fulfillment. What to scan, which tools work for small businesses, and how to build scanning into your DSAR workflow.
Read more DSARWhen Someone Asks You to Delete Everything: How to Handle Total Erasure DSARs
How to process 'delete everything about me' requests. What you must delete, what you can keep, how to set expectations, and a step-by-step response process.
Read more DSARResponding to US Deletion Requests: State-by-State DSAR Guide
How to handle deletion requests under US state privacy laws. Response deadlines, verification requirements, exceptions, and a unified process for multi-state compliance.
Read more DSARHandling Right-to-Erasure Requests: DSAR Response Guide
How to process GDPR right-to-erasure requests step by step. Verification, deletion scope, third-party notification, response templates, and timeline.
Read more DSARFinding Personal Data for DSAR Responses: Discovery Tools Guide
How to find personal data across your systems when fulfilling a DSAR. Discovery tools, manual search methods, and building a repeatable data map.
Read more CCPACCPA DSAR Process: A Guide for California Compliance
How to handle CCPA data subject access requests (DSARs) including verification, response timelines, and what information you must disclose.
Read more DSARDSAR Exemptions: When You Can (and Can't) Refuse a Request
A practical guide to DSAR exemptions: when you can legally refuse or limit a data subject access request, and when you cannot.
Read more DSARDSAR Identity Verification: When and How to Verify Requests
How to verify identity for DSARs: when verification is needed, what counts as reasonable, the proportionality principle, and common mistakes.
Read more DSARDSAR Response Deadlines: How Long Do You Have?
DSAR response deadlines compared across GDPR, CCPA, UK DPA, and PIPEDA, including extensions and what happens if you miss them.
Read more DSARDSAR Response Templates: What to Include and How to Format Your Reply
How to structure a DSAR response: what to include, how to format it, common mistakes to avoid, and a sample structure you can follow.
Read more Privacy ToolsDSAR Software Comparison: What Small Businesses Actually Need
Honest comparison of DSAR software for small businesses. Enterprise platforms vs mid-market tools vs manual approaches — and which one is right for you.
Read more DSARDSAR Training: How to Prepare Your Team
How to train your team on DSARs: who needs training, what to cover, how often to train, and a practical program for small businesses.
Read more Privacy ToolsBuilding a DSAR Workflow That Doesn't Suck
A practical guide to building a DSAR workflow for small businesses. Step-by-step process from intake to response, no expensive software required.
Read more DSAREmployee DSARs: What Happens When Your Own Staff Requests Their Data
How to handle employee DSARs: what data is in scope, tricky areas like manager opinions and investigation notes, and practical advice.
Read more DSARHow to Respond to a DSAR: Step-by-Step Process
A practical step-by-step guide to responding to a DSAR, from receiving the request to sending your final response.
Read more DSARWhat Happens If You Ignore a DSAR? Penalties and Consequences
The real consequences of ignoring a DSAR: regulatory fines, litigation, ICO complaints, and reputational damage explained for businesses.
Read more DSARWhat Is a DSAR? The Plain-English Guide for Small Businesses
Learn what a DSAR is, what it means for your business, who needs to comply, and what deadlines apply under GDPR, CCPA, and PIPEDA.
Read more DSARWhat Is a Subject Access Request? Everything You Need to Know
Subject access requests explained in plain English: who can make one, what you must provide, timelines, and how to handle them.
Read more