Data Subject Access Request (DSAR) as a Service

Data Subject Access Request (DSAR) as a Service

Our DSAR Service is designed to help organisations deal with DSARs in a cost-effective and efficient way. We help organisations that do not have the time or expertise in-house to deal with DSARs.

Enquire today
Price: £0.00
Excluding VAT

Responding to DSARs can be challenging and time-consuming. Outsourcing this requirement allows your organisation to get on with the job at hand, while maintaining compliance with the GDPR (General Data Protection Regulation) and fulfilling your DSAR obligations as required.

Manage complex DSARs with our DSAR Service

We can support you throughout this challenging process with our DSAR Service. DSARs are processed by our expert team, whose members have extensive experience dealing with complex DSARs.

Dedicated DSAR support from GRCI Law covers all areas of the DSAR process, including:

  • Reviewing and assessing the nature and validity of the DSAR;
  • Verifying the requester’s identity;
  • Liaising with the single point of contact within your organisation to locate the relevant data and to acquire all the personal information relating to the individual;
  • Advising on search terms and data that should be included in the scope of the DSAR;
  • Screening the collated data;
  • If requested, obtaining consent from third-party individuals where their personal information is contained within the search results and, where it is unobtainable, applying redactions;
  • Applying lawful exemptions, if applicable;
  • Formally disclosing the information to the requester and/or the client to release to the requestor;
  • Providing support with and guidance on documenting the facts relating to the DSAR; and
  • Liaising and interacting directly with the relevant regulatory authority. 

When dealing with DSARs, we work with your nominated contact(s) to access the digital records requiring review and redaction. We discuss with you the amount of data involved, the file formats and the time it will take us to complete the work.

This DSAR Service is available either on an annual retainer basis, perfect for organisations that want help year-round, or as smaller prepaid blocks of hours, which could help organisations with a particularly difficult DSAR or to provide extra resource.

Why use GRCI Law?

Our team of experienced data privacy lawyers and DPOs (data protection officers) deliver efficient, expert-driven services.

  • We are a specialist legal and compliance consultancy – we only advise on data protection and data privacy matters.
  • We’re already helping organisations like yours to understand the intricate details of the UK GDPR and DPA (Data Protection Act) 2018.
  • We have decades of experience and a solid track record.
  • As we are a sister company of IT Governance, you can access a broad range of cyber security solutions, including training, consultancy and software, to support your data privacy needs.

About us

We are a specialist consultancy firm offering a full suite of data protection and data privacy compliance solutions and associated non-reserved legal services. Our clients operate globally in a wide range of sectors including health and social care, education, professional services, retail, technology, media and telecoms.

We are market leaders in terms of depth and breadth of experience. Our team of lawyers and DPOs have decades of experience and sector-specific knowledge between them.

We offer legal risk and compliance consultancy advice that you can trust without the burden of administrative duties and expenses that law firms must bear to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.


GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment tool, which allows organisations to measure their performance against the National Data Guardian’s 10 data security standards, providing the assurance (to all NHS clients) that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law can assist you with all your data privacy requirements.

If you need assistance to become compliant with the DSP Toolkit, our sister company IT Governance Ltd offers several options to help you complete this exacting requirement.

Your team

Loredana Tassone – Managing Consultant, Head of EU & UK Representative Service

Loredana oversees operations, service delivery, and management and development of the consultant team. She has more than 15 years’ experience in the fields of privacy rights, data protection and cyber security in both the private and public sectors. She is a specialist in international and European law, and a qualified attorney at law in France and Italy. Based in Brussels, Loredana advises GRCI Law clients on a wide range of data privacy issues. She is a certified GDPR consultant, DPO and trainer, and has worked at the European Court of Human Rights, at the Directorate General of Human Rights and Legal Affairs of the Council of Europe, and for international law firms in the EU.


Helen Pettit – Incident and Breach Management and Data Subject Rights Consultant

Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus at GRCI Law are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. Helen is a key member of our Data Breach team and routinely advises on data breaches and data breach management as well as wider data privacy issues. Her role involves regular liaison with the Information Commissioner’s Office on behalf of GRCI Law clients.

Find out more

Speak to an expert

If you have any queries or are unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.

Enquire today