DSAR Management

Structured intake. Guided processing. Auditable delivery.

Six stages manage the full lifecycle of data subject requests — from public submission through identity verification, data collection, redaction, and response delivery — with complete audit trails and regulatory deadline tracking.

Get started →

Acompli DSAR Management Brochure — page 1

View brochure

The DSAR workflow

From intake to archive — one structured pipeline

Each stage adds governance. By the time a response is delivered, it carries its verification trail, redaction log, QA checklist, and compliance metadata — all preserved in a searchable archive.

01Intake & Verification

Public portal for structured submissions

A branded, public-facing portal lets data subjects submit access, erasure, rectification, and portability requests directly. Each submission captures requestor details, selects the applicable regulation, and generates a unique reference number.

Portal setup is automated — enter the client’s website URL and AI extracts their brand identity and researches their company to pre-configure regulations, custom fields, and SLAs. Identity verification follows — document upload, email OTP, staff review — before processing begins. Multi-entity organisations get separate portals per subsidiary.

GDPR

UK GDPR

CCPA

LGPD

PIPEDA

POPIA

Request types

AccessErasureRectificationPortability

02Data Discovery

Search connected systems for the data subject’s records

Acompli queries multiple sources in parallel — HubSpot, ServiceNow, Microsoft 365, Jira, and custom API connectors — with real-time progress streaming.

Discovery results are reviewed, validated, and attached to the request before moving forward. Each connector tracks sync history, supports manual triggering, and surfaces connection errors for fast resolution.

Parallel search

Query multiple systems simultaneously with real-time progress streaming for each connector.

Pre-built connectors

HubSpot, ServiceNow, Microsoft 365, Jira — plus custom API connectors for internal systems.

Result validation

Review and validate discovery results before attaching them to the request for processing.

03Review & Redaction

AI-powered PII detection with human review

AI scans collected documents and flags sensitive entities — email addresses, phone numbers, national identifiers, credit card numbers, names, and addresses. Each finding is surfaced for human review.

Confirm, reject, or edit each detection. Bulk operations handle high-volume documents efficiently. Reusable zone templates standardise redaction across recurring document formats.

PII Scan — Employee Records.pdf

Email address12 foundRedact

Phone number4 foundRedact

National identifier2 foundReview

Credit card number1 foundRedact

Full name (subject)8 foundKeep

Postal address3 foundReview

04Quality Assurance

Template-based QA before any response is sent

QA checklists ensure every request meets your organisation’s standards. Items are checked, notes are added, and completion is tracked with a progress indicator.

The stage cannot advance until all required items are verified. Checklist templates are configurable per request type and regulation, so teams can enforce consistent quality across the programme.

Checklist verification

Every required item must be checked before the request can advance to the response stage.

Configurable templates

Define QA checklists per request type and regulation. Adapt standards as requirements evolve.

Notes and attribution

Add notes to each checklist item. Every check is attributed with user and timestamp.

05AI-Assisted Response

Multi-phase AI pipeline drafts the response

An intake analyst assesses complexity, a data collector scopes the search, a response drafter generates a regulation-compliant letter citing relevant articles, and a compliance reviewer verifies the output.

The result is a draft — not a sent response. Your team reviews, edits, and approves before delivery. Response templates are reusable and configurable per regulation.

Intake analyst

Assesses request complexity and scope

Data collector

Scopes the data search across sources

Response drafter

Generates regulation-compliant letter

Compliance reviewer

Verifies output against requirements

Output →Draft response for human review and approval — never sent automatically

06Delivery & Archive

Package, deliver, and preserve with full audit history

Package response documents, select a delivery method, and send. The data subject receives confirmation through the portal with access to download their response.

Completed requests move to a searchable archive with full audit history, time tracking records, and compliance metadata preserved. Configurable retention policies support automatic purge and anonymisation.

Portal

Data subject download

Secure portal access for the data subject to download their response and supporting documents.

Searchable archive

Full audit history, time tracking, and compliance metadata preserved in a searchable archive.

Retention

Configurable retention

Automatic purge and anonymisation policies ensure data is not held longer than necessary.

Audit

Complete audit trail

Over 20 tracked action types with full user attribution, timestamps, and change detail.

Included capabilities

Practical features that support DSAR programmes

🌐

Auto-configured Portals

Enter a URL — AI detects the brand and pre-configures regulations, fields, and SLAs.

⏱️

Deadline & SLA Tracking

Colour-coded countdowns, extension requests, and configurable SLAs per regulation.

🔍

PII Detection & Redaction

AI-powered entity scanning with human review, bulk operations, and zone templates.

🏢

Multi-Entity Support

Separate portals per data controller with independent branding and configuration.

📊

Reports & Analytics

Volume trends, SLA compliance, stage distribution, and time tracking with CSV export.

💬

Team Collaboration

Threaded comments, task assignment, bulk operations, and centralised task views.

See DSAR management in action

Structured intake, guided processing, AI-assisted responses, and complete audit trails — connected to your assessments, risk register, and RoPA in one platform.

Get started →Book a demo