Data Subject Access Requests · GDPR Article 15
DSAR management software — structured intake, guided processing, auditable delivery
Receive, verify, scope, redact and deliver every data subject request inside its Article 12(3) deadline — with the audit trail already written by the time the response goes out.
Portal intake, identity verification, task assignment, encryption-aware delivery, SLA tracking and regulator-ready reports — one workflow from request to archive.

From intake to archive — one structured pipeline
Each stage adds governance. By the time a response is delivered, it carries its verification trail, redaction log, QA checklist, and compliance metadata — all preserved in a searchable archive.
Public portal for structured submissions
A branded, public-facing portal lets data subjects submit access, erasure, rectification, and portability requests directly. Each submission captures requestor details, selects the applicable regulation, and generates a unique reference number.
Identity verification follows — document upload, email OTP, staff review — before processing begins.
Intake record. Processing guardrails.
- Request: Channel, requester details, right invoked and unique reference.
- Identity: Evidence upload, email OTP, duplicate checks and staff review.
- Scope: Regulation, request type, entity and exclusions captured before work starts.
- Deadline: Article 12(3) clock, extension reason and blockers stay on the case.
- Owners: Tasks route to system owners with status, evidence and notes.
- Audit file: Each decision, search, approval and message is retained for closure.
SLA control path
A DSAR is an operational control sequence
This visual makes the operational risk clear: intake, identity, scope, search, redaction, approval, delivery and archive each need evidence while the Article 12 clock is running.

Discovery and redaction
The hard part is proving what was searched and withheld
This diagram focuses on the real DSAR complexity: assigning searches, collecting returns and non-hits, confirming PII, applying exemptions, QA and packaging the final disclosure.

Subject Rights Management
What is DSAR software?
DSAR software is a workflow tool for managing Data Subject Access Requests and other privacy rights requests. It helps teams capture the request, verify identity, assign tasks, track deadlines, review and redact information, deliver the response securely and keep an audit trail of the decision-making process.
Acompli is built for DSAR operations, not just legal interpretation. It gives teams visibility over the request lifecycle from intake to closure.
Article 15 answer
Is responding to a DSAR a legal requirement in Ireland and the UK?
Yes. A Data Subject Access Request (DSAR), or subject access request, is an individual’s right to obtain the personal data an organisation holds about them. Under GDPR Article 15 — enacted in Ireland through the Data Protection Act 2018 and enforced by the Data Protection Commission, and mirrored in UK GDPR Article 15 and the DPA 2018 enforced by the ICO — controllers must confirm whether they process the data, provide access to it, and supply the supporting information about the processing.
GDPR Article 12(3) requires a response without undue delay and within one month of receipt, with a possible two-month extension for complex or numerous requests if the individual is told within the first month.
What matters
A DSAR workflow has to prove the request was handled properly
Shared inboxes usually fail at the same point: the team can send a response, but cannot easily prove how the response was built. Acompli keeps the request lifecycle in one record from intake to delivery.
- Intake and identity checks are recorded before processing begins.
- Deadlines and extensions stay tied to the statutory clock.
- Source-system searches show where the team looked and what was collected.
- Redactions and exemptions are reviewed by a person before release.
- Delivery and closure leave an audit trail a DPO can export.
DSAR FAQ
DSAR questions answered
Built to the DPC and ICO audit expectation: the GDPR Article 12(3) one-month clock, Schedule 2 DPA 2018 exemptions, Schrems II transfer records, Article 30 reconciliation, and a traceable Evidence Pack for every closed request.
DSAR software is the tool a privacy team uses to manage Data Subject Access Requests from intake to delivery. Acompli DSAR is a standalone product that runs the full lifecycle: portal intake, identity verification with duplicate detection, parallel search across source systems, AI-assisted redaction reviewed by a person, encryption-aware delivery through a secure requester portal, and SLA tracking against the GDPR Article 12(3) one-month clock the DPC and ICO enforce.
See DSAR management in action
Structured intake, guided processing, AI-assisted responses, and complete audit trails. DSAR is a separate Acompli product — run it on its own, or alongside the platform so requests connect to your assessments, risk register, and RoPA.