Firstly there is a business planning element to this and how from an operational aspect could you handle 1 request per week, 10 a week or if you are a larger organisation 100 per week? This poses a number of additional questions for any business. New processes and internal policies will have to be implemented throughout the organisation to making staff and stakeholders aware of how to effectively handle a SAR.

The second element to any SAR is how do you know what information you have on a data subject and more importantly do you have the capability to find it? This is where Ground Labs are positioned to help organisations of any size right across the EU. Our sensitive data discovery tool already has over 200 PII data types preconfigured so the tool works straight out of the box and starts to find sensitive data as soon as the scan has been set up to run. PII types such as name, address, bank details, health numbers, passport numbers and driving licence number all pre-configured into the tool.

If you are running a search tool for a specific SAR our tool will search your entire network for every instance of the data type you are looking for a report back its findings. To comply with Article 15 you have 30 days to respond to the data subject answering in detail where their data has been stored on your network. Enterprise Recon can give you that information. It’s not big and clunky, it’s on-premise and runs quietly in the background without slowing down your network as a scan is being run.

Want to learn more and are you preparing your GDPR policy and don’t know how to manage a Subject Access Request? If so contact Ground Labs today for a free risk assessment. Please visit:






Want to keep up with all our blog posts? Subscribe to our newsletter!