Data Subject Access Request (DSAR) as a Service

Data Subject Access Request (DSAR) as a Service

DSAR as a Service is an annual subscription service for organisations that do not have the time or expertise in-house to deal with DSARs (data subject access requests).

Save 10% on annual fees by paying in advance.

Enquire today
Price: £0.00
Excluding VAT

Collating relevant information to respond to DSARs (data subject access requests) can be challenging and time-consuming. The data subject’s identity must be verified, data should be screened and third-party consent may need to be obtained. Outsourcing this requirement allows your organisation to get on with the job at hand, while maintaining compliance with the GDPR and fulfilling your DSAR obligations as required.

Manage complex DSARs with our DSAR as a Service

We can support you throughout this complex process with DSAR as a Service. DSARs are processed by a team of subject access request specialists with extensive experience.

Dedicated DSAR support from GRCI Law covers all areas of the DSAR process:

  • Reviewing and assessing the nature and validity of the DSAR.
  • Verifying the requester’s identity.
  • Liaising with the single point of contact within your organisation to locate the relevant data and to acquire all the personal information relating to the individual.
  • Screening the collated data.
  • Obtaining consent from third-party individuals where their personal information is contained within the search results and, where it is unobtainable, applying redactions.
  • Applying lawful exemptions, if applicable.
  • Formally disclosing the information to the requester.
  • Documenting the facts relating to the DSAR.
  • Liaising and interacting directly with the relevant regulatory authority. 

This data access request service is available either on an annual subscription basis, perfect for organisations that want DSAR help year-round, or as smaller prepaid blocks of hours, which could help organisations with a particularly difficult DSAR or to provide extra DSAR resource.

Why use GRCI Law?

Our team of experienced data privacy lawyers, DPOs (data protection officers) and cyber security specialists deliver efficient, expert-driven services.

  • We are a specialist legal and compliance consultancy – we only advise on data protection, data privacy and cyber incident response matters.
  • We’re already helping organisations like yours to understand the intricate details of the UK GDPR and DPA (Data Protection Act) 2018.
  • We have decades of experience and a solid track record.
  • As we are a sister company of IT Governance, you can access a broad range of cyber security solutions, including training, consultancy and software, to support your data privacy needs.

About us

We are a specialist consultancy firm offering a full suite of data protection, data privacy, cyber risk and information security legal and compliance solutions and associated non-reserved legal services. Our clients operate globally in a wide range of sectors including health and social care, education, professional services, retail, technology, media and telecoms.

We are market leaders in terms of depth and breadth of experience. Our team of lawyers, DPOs and cyber incident response experts have decades of experience and sector-specific knowledge between them.

We offer legal risk and compliance consultancy advice that you can trust without the burden of administrative duties and expenses that law firms must bear to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.


GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment tool, which allows organisations to measure their performance against the National Data Guardian’s 10 data security standards, providing the assurance (to all NHS clients) that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law can assist you with all your data privacy requirements.

If you need assistance to become compliant with the DSP Toolkit, our sister company IT Governance Ltd offers several options to help you complete this exacting requirement.

Your Team

Loredana Tassone – Managing Consultant, Head of EU & UK Representative Service

Loredana oversees operations, service delivery, and management and development of the consultant team. She has more than 15 years’ experience in the fields of privacy rights, data protection and cyber security in both the private and public sectors. She is a specialist in international and European law, and a qualified attorney at law in France and Italy. Based in Brussels, she advises GRCI Law clients on a wide range of data privacy issues. She is a certified GDPR consultant, DPO and trainer, and has worked at the European Court of Human Rights, at the Directorate General of Human Rights and Legal Affairs of the Council of Europe, and for international law firms in the EU.


Helen Pettit – Incident and Breach Management and Data Subject Rights Consultant

Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus at GRCI Law are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. She is a key member of our Data Breach team and routinely advises on data breaches and data breach management as well as wider data privacy issues. Her role involves regular liaison with the Information Commissioner’s Office on behalf of GRCI Law clients.

Find out more

Speak to an expert

If you have any queries or are unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.

Enquire today