Insight Engine
Services
Explore Discover new data and digital opportunities, prove their value, and unlock your business potential.
Discovery
Data Sprints & Design Sprints
Service Blueprints
Strategy

Map out technology-driven strategies to forge your data, AI, and digital-first future vision.
AI Strategy
Data Strategy
Data Governance Strategy
Digital Strategy
Transform Build strong data and digital foundations, strengthened by ML, AI, data science, and apps, to achieve your goals.
Data Foundations
Data Products
Digital Products
Content Services
Enable Establish self-service analytics, citizen data science, and low-code/no-code platforms to support your business intelligence.
Community Self-service
Skills On Demand
Managed Services
Organisational Enablement
Discover our services
Learn
Blogs

From deep dives to quick tips, become an industry leader with Aiimi.
Videos

Webinars, explainers, and chats with industry leaders, all on-demand.
Guides

All of our expert guides in one place. No form fills - just download and go.
CIO+ Hub

Practical advice, CIO success stories, and expert insights for today’s information leaders.
Explore
Customer Stories

Discover how customers across a range of industries have realised value and growth with Aiimi.
Data Risk Assessment

Our free Data Risk Assessment helps you quickly identify your most urgent data risk areas and biggest opportunities for automated data governance.
Partners

Accelerate your success by partnering with Aiimi. Our partner portal is your complete toolkit for driving success.
Our Work
About
Contact
Insights

Packaging up DSARs – automate your supporting documentation for a complete response.

by Tom Rankin

Packaging up consistent responses to data subject access requests is central to good customer service when it comes to your customer and employee DSARs. Aiimi Senior Product Designer Tom Rankin explains how DSAR software automates this process, so you can stay compliant, avoid costly complaints, and steer clear of time-sapping audits.

Established to uphold information rights in the public interest, promote openness by public bodies, and data privacy for individuals, the Information Commissioner’s Office (ICO) not only promotes best-practice data protection, but also guides data subjects on exactly what to expect from their DSAR request and response – and how to complain if it’s not up to spec.

This makes carefully packaging up every single DSAR response to avoid costly and time-sensitive objections and audits another key consideration for data privacy and compliance. Given the DSAR request cost implications, completing the end-to-end subject access request cycle is just as important as getting the DSAR process underway.

Processing consistent DSARs with uniform supporting documentation

Detailing exactly what structured and unstructured data you hold, where that data came from, why it’s being held, how it’s being used, who you’re sharing it with (if third-party data, what security measures were taken), and how long it will be stored, alongside all decision-making made by all team members throughout the end-to-end DSAR process is no mean feat. And lest we forget, it’s also best practice to inform each data subject how to challenge the accuracy of your response, object to your use of their data, and request its removal.

Processing all your DSAR responses to include all these components in an unwavering uniform format, alongside policies and procedures specific to each data subject type (i.e., customer, employee, client), makes for an even more daunting task. So what’s the best way to get started?

Our research with DSAR compliance teams shows that organisations are looking to DSAR automation to ensure that all supporting documentation accompanying disclosed data is consistently applied. When it comes to applying relevant supporting ICO-specified documentation, there are three key data subject access request type considerations:

  1. All: universal policies might include recommendations on how to complain to the ICO or about any aspect of the process that's applicable to everyone. This supporting documentation needs to be appended to every single DSAR response, regardless.
  2. Specific: distinct subject-specific policies (e.g., customer or employee DSAR) need to be appended to every DSAR response based on that template. This supporting documentation might include information on how and why this type of personal data is being processed.
  3. Distinct: expanding on a templated letter covering all areas that need answering, a tailored covering letter needs to be appended to every DSAR response. This is designed to speed up the creation of a more personalised, tailored response. For example, it might detail how many documents have been discovered on the data subject and how many instances have been redacted.

Automated data subject access request software delivers straight-forward responses

During our discussions, we also uncovered an added shared challenge: how do you ensure that all relevant data subject request data and ICO-specified information are successfully shared directly with the data subject? Well, to make this as speedy and straight-forward as possible, our Aiimi Insight Engine has been purpose-built with a wide range of practical DSAR Solution tools in mind:

  • Search and discovery tools automate knowledge sharing across your teams.
  • All personal data and sensitive information spread across your enterprise is automatically tagged to simplify redaction.
  • Files can be assigned to specific users to steer timely and specific second-stage DSAR reviews.
  • DSAR checklists guide a consistent response throughout the process.
  • DSAR collections can be easily compiled from our DSAR dashboard.
  • Data marked for disclosure and templated T&Cs tailored to each data subject type are automatically added to your DSAR collection.
  • All redacted data is automatically removed from your DSAR response as soon as your DSAR processor hits ‘complete’.
  • Your completed DSAR response is packaged up ready to be securely disclosed to the data subject via our Disclosure Portal. At the click of a button, they'll receive a notification and login details to access their response and receive any further updates.
Diagram showing how any organisation responding to a DSAR must compile information and policy documentation that meets ICO guidelines. Using the Aiimi Insight Engine, compliance teams can access templated documentation for different data subject types, redact all third-party data, add supporting documentation, and package up their response for disclosure.

Benefits of using the Aiimi Insight Engine for end-to-end DSAR processing

All these DSAR tools and measures are designed to improve your entire end-to-end subject access request processing experience for all key players involved. Your compliance managers are assured that every response contains consistent, up-to-date documentation, while your DSAR request processors can quickly create tailored covering letters contextualising all decisions made for that particular DSAR.

Your DSAR compliance team can sit back, whether they’re working in the office or remotely, safe in the knowledge that all the latest required supporting DSAR documentation is readily available by default.

Ultimately, your data subject receives a fully comprehensive packaged up DSAR response that covers all bases, mitigating risk of follow-up queries or complaints. And, should there be an investigation, your organisation can direct any enquiries back to the respective DSAR collection, where all supporting documentation, redactions, and decision-making are instantly available to demonstrate your completely consistent and compliant DSAR processing operations.

In summary, the Aiimi Insight Engine’s DSAR Solution helps organisations like yours process high numbers of subject access data requests with complete auditable assurance, while significantly reducing impacts on your precious human resources and supporting your valued reputation.

Not one to rest on our laurels, Aiimi endeavours to explore even more new ways to support your DSAR processing with new automated data subject access request solutions designed to enable your organisation to stay aligned and work at scale.

Ready for a DSAR Solution that automates your discovery, redaction, and disclosure processes? Book your 30-min demo to see the Aiimi Insight Engine in action.

Automate your DSARs end-to-end with the Aiimi Insight Engine. Book your 30-min demo.

Aiimi Insights, delivered to you.

Discover the latest data and AI insights, opinions, and news from our experts. Subscribe now to get Aiimi Insights delivered direct to your inbox each month.

Aiimi may contact you with other communications if we believe that it is legitimate to do so. You may unsubscribe from these communications at any time. For information about  our commitment to protecting your information, please review our Privacy Policy.

Enjoyed this insight? Share the post with your network.

more from Tom
Tom Rankin
Product Designer – UX
DSAR Automation

Second-stage reviews – automate your redaction, review, and disclosure processes for a consistent DSAR response

DSAR Automation

Sharing knowledge across the DSAR process – automate your search and discovery for a speedier response

more from DSAR Automation
DSAR Automation

How to respond to Right to Access and Erasure requests from your customers and employees at top speed to stay compliant

DSAR Automation

Why your remote compliance team needs collaborative DSAR technology to succeed

DSAR Automation

Second-stage reviews – automate your redaction, review, and disclosure processes for a consistent DSAR response

Read more on Aiimi Blog

Discover our latest data and AI insights, opinions, and news, all in one place.
Machine Learning

What is a neural network and how will it shape the future of technology?

by Omar Mauri
Insight Engine

The ultimate guide to Legacy System Migration

by Matt Eustace
Insight Engine

Meet Bell, the latest release of the Aiimi Insight Engine

by Clare Williams