Life Sciences und Healthcare

Handling Mass DSARs with Legal Tech

Published on 6th Nov 2019

The mass requests for information pose several challenges. Not only must the legal requirements regarding the provision of information be observed; it must also be ensured that the processing takes place in an orderly process and is at the same time as efficient as possible - not least in order to limit the effort as far as possible and comply with the legal deadlines.

Data Subject Access Requests (DSARs) have increased significantly since the GDPR has come into force in May 2018. Meanwhile for example, most actions against dismissals or terminations of an employment are accompanied by a request from the employee to receive a copy of their personal data from the employer. For the affected companies, these often pose a challenge, because they require a difficult balancing with the protection of company secrets, in particular with respect to data in the company’s email system. But also in other occasions, DSARs can be a challenge for a company’s data protection organization. This is the case, where – mostly in connection with a certain incident such as a data breach or an online campaign by some activist organization – access to personal data is requested on a large scale. In these situations, the company’s privacy teams can be confronted with hundreds or thousands of DSARs at the same time. Even large data protection organizations are normally not prepared to handle these requests in time and in an efficient manner.

In these sutiations, we can help with our practice proven DSAR management platform. It is designed to supprt the whole process from the recording and intake of the request and the identity check up to the verification of the identity and the upload of the data copy:


  • Our highly scalable and configurable platform perfectly supports the processing of mass information requests according to GDPR
  • Accompaniment of the entire process from the collection of the request for information, verification and identity check to the generation of the data copy and the control of the information
  • Support of deadline monitoring to ensure compliance with legal deadlines
  • Real-time evaluations and reports are possible
  • Authorization concept allows differentiated and graded access and processing rights
  • Possibility to upload all relevant documents (e.g. correspondence, data copies, etc.)
  • Through system documentation, the solution also supports the fulfilment of data protection obligations ("accountability")

Are you interested in the solution and its features?

We also develop individually & tailored to your requirements - Talk to us!

Interested in hearing more from Osborne Clarke?

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?

Related articles