Deal With a Data Subject Access Request (DSAR)
Under UK GDPR, data subjects have a right of access, which means they have a right to obtain a copy of their personal data and other supplementary information. A DSAR is thus a request made by a data subject, or by someone on their behalf (for example, a solicitor), to a business, usually by e-mail but possibly by phone or social media, for all or part of the personal data that the business holds about them. The request is valid if it is clear that the individual, or the person acting on their behalf, is requesting the individual’s own personal data. A DSAR does not need to refer to specific legislation or use specific key words to be valid.
For many businesses, receiving a data subject access request (DSAR) isn’t the most thrilling prospect. However, when responding to DSARs it is important that businesses fully comply with UK data protection law.
What should I do if I receive a DSAR?
If your business receives a DSAR, then subject to the exemptions outlined below (see Can I refuse to comply with a DSAR?) the business must comply with the DSAR without undue delay and at the latest within one month of receiving the request. Your business can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual, e.g. other types of requests relating to individuals’ rights.
Before responding to the request, you can ask for ID so that the business is satisfied of the individual’s identity. The timeline for responding does not begin until the requested ID is provided, but the business should still request it promptly. Reasonable efforts should be made to find and retrieve the personal data requested. However, the business does not have to conduct searches that would be unreasonable or disproportionate to the importance of providing access to the information.
Often, an individual’s personal data is combined with the personal data of others (for example, an e-mail chain referring to several individuals). Where that is the case, you do not have to comply with the DSAR by providing that personal data unless you have the consent of the other individuals concerned to disclose their personal data as well, or it is reasonable for the business to comply without those other individuals’ consent.
When deciding in what format to provide the requested personal data, the business should consider both the circumstances of the particular request and whether the requesting individual is able to access the data in the format you provide. It is good practice to establish the individual’s preferred format before fulfilling their request.
Can I charge a fee for complying with a DSAR?
You can charge a ‘reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data.
Can I refuse to comply with a DSAR?
Yes. In some circumstances exemptions apply and, depending on which exemption applies, you may be able to refuse to provide some or all of the requested personal data. You can also refuse to comply with a DSAR that is manifestly unfounded or manifestly excessive.
How can we help?
We can advise on all matters related to DSARs, including whether you must respond, when to respond, how to respond and in what form to respond, depending on the specific circumstances.
Want to speak with one of our experienced data protection lawyers? Get in touch with the team.