Data Subject Access Requests (DSARs)

For over 10 years, Morae has supported the largest organisations and their legal advisors with Data Subject Access Requests (DSARs).

We help solve the challenges created by DSARs.

Read views from our UK Head of Managed Services on how DSARs will be impacted by COVID19.

Blog: The impact of DSARs from COVID19


View our On-Demand Webinar to learn about practices in responding to increased DSAR volumes.

Webinar: Practices In Responding To Increased DSAR Volumes


DSAR Challenges

There are a host of challenges in finding an effective end to end solution, including:

Costs & Clarity
DSAR recipients report high levels of frustration with costs, resulting from expensive resources and outdated commercial models. Pricing uncertainty is also a common pain point.

IT Departments will often struggle to locate and collect Personal Data which is unstructured and from disparate systems.

Manual Workflows
Many providers often do not leverage technology and workflow solutions to their fullest potential. Failure to do so makes DSARs more expensive, time consuming, and stressful than they need to be.

“Silver Bullet”
Some providers may claim technology alone can fully address the DSAR challenge. But the breadth, nuance, and risk of GDPR require a combination of technical and manual workflows.

There is a 30-day deadline, unless an extension is obtained. Without a bespoke DSAR solution, meeting this deadline can be problematic.

Our Solution

Morae’s DSAR solution is end-to-end. From planning to disclosure and everything in-between, our team of data privacy experts can support you in every respect.

Policy, Planning & Procedures

Morae will assist in preparing to respond to any DSAR request, delivering a data impact assessment, data mapping, implementing intake technology, and ensuring ongoing compliance and support.

Data Sourcing, Searching, and Collection

Forensically collect the content from the relevant sources the DSAR pertains to. We can do this at scale and across any source including iManage Work.

Data Processing for Review & Redaction

Morae deduplicates, deNISTs and processes data quickly into a workspace dedicated to your matter with a bespoke DSAR module automatically deployed, and optimized for Secure Remote Review.

DSAR-Specialised Project Management

Specialised project management for these engagements is critical to success. Our team works closely with yours to incorporate your preferences and ensure you are aware of progress. Morae Project Managers are experts in defensibly reducing DSAR data populations.

Personal Data Review

Morae will utilise the Relativity platform to deliver review of the personal data. The review will be performed by a data privacy review specialist. Tailored coding will be used against each document to denote personal data status, redaction requirements, relevant issues, privileged status, etc.


During review, it is critical to avoid disclosing a third party’s personal data, business sensitive or privileged material. Our team has multiple methods available to ensure quick, simple and defensible redaction across the reviewed content, working with the firm throughout.

Disclosure & Reporting

Communication at this point is critical. Also important is collating the final production set of redacted content, conversion to a chosen format and multilayer checks on substantive content. Our QA and controls will ensure the firm has total confidence in the outcome.

Ad Hoc

Engage Morae on an as-needed basis whenever an internal or external requirement arises


Partner with Morae to support all of your DSARs to achieve substantial cost savings, consistency and rigour


Have peace of mind knowing Morae is supporting your DSAR matters as required

Frequently Asked Questions & Insights