Sample Data - For Demonstration Only

Sample DSAR Evidence Pack

See exactly what a complete, GDPR-compliant DSAR response looks like. This is what you'll produce with SAR Portal - and what regulators expect to see.

1 Request Intake

When a data subject submits a request, SAR Portal captures all required information and starts the 30-day countdown automatically.

📄 Data Subject Access Request

GDPR Article 15

Case ID: SAR-2024-00147

Request Type: Access Request (Article 15)

Subject Name: Sarah Mitchell

Subject Email: sarah.mitchell@email.com

Date Received: 15 November 2024, 09:32 GMT

Due Date: 15 December 2024 (30 days)

Request Details: "I would like to request a copy of all personal data you hold about me, including any communications, account information, and transaction history. Please also provide information about who this data has been shared with."

Source: Public Portal (sarportal.acme-corp.com/request)

✓

Timestamp Recorded Exact date/time captured for deadline calculation

✓

Legal Basis Identified GDPR Article 15 - Right of Access

✓

30-Day Deadline Set Automatic countdown with email reminders

2 Identity Verification

Before releasing any personal data, you must verify the requester's identity. SAR Portal documents this critical step.

👤 Identity Verification Record

✓ Verified

Verification Method: Email Code Verification + ID Document

Email Verified: ✓ Code sent to sarah.mitchell@email.com - Confirmed 15 Nov 2024, 09:45 GMT

ID Document: Passport (last 4 digits: ***7842) - Uploaded and reviewed

Verified By: John Smith (Data Protection Officer)

Verification Date: 15 November 2024, 14:22 GMT

Notes: Identity confirmed. Email matches account on file. Passport name matches request. Approved to proceed with data gathering.

✓

Multi-Factor Verification Email code + supporting document

✓

Authorised Reviewer Verified by designated DPO

✓

Audit Evidence Complete verification trail stored

3 Redacted Documents

Third-party personal data must be redacted before disclosure. SAR Portal's AI identifies and redacts this automatically.

📄 Customer Support Transcript (Redacted)

PDF - 2 pages

Support Ticket #4521 - 23 October 2024

Customer: Sarah Mitchell (sarah.mitchell@email.com)

Agent: ████████████

Sarah Mitchell: Hi, I'm having trouble accessing my account. It says my password is incorrect but I'm sure it's right.

████████: Hello Sarah! I'd be happy to help you with that. I can see your account was locked after 3 failed login attempts at 14:32 today. Let me unlock it for you.

Sarah Mitchell: Oh, that must have been me trying different passwords. Thank you!

████████: No problem! I've unlocked your account. You should receive a password reset email at sarah.mitchell@email.com within the next few minutes. Is there anything else I can help you with?

Sarah Mitchell: No, that's everything. Thanks for your help!

Redaction note: Agent name redacted as third-party personal data (GDPR Article 15(4))

📄 Account Information Export

PDF - 1 page

Account ID: CUST-2021-84729

Full Name: Sarah Jane Mitchell

Email: sarah.mitchell@email.com

Phone: +44 7700 900123

Address: 42 Oak Street, Manchester, M1 4AB, United Kingdom

Account Created: 8 March 2021

Last Login: 14 November 2024, 18:45 GMT

Data Shared With: Stripe (payment processing), Mailchimp (email marketing - with consent)

✓

Third-Party Data Redacted Agent names and other personal data removed

✓

AI-Assisted Detection Automatic PII identification with human review

✓

Data Recipients Disclosed Article 15(1)(c) - Third parties listed

4 Final Response

The complete response package sent to the data subject, fulfilling your Article 15 obligations.

📧 Response Letter

✓ Sent

Acme Corporation Ltd
123 Business Park, London, EC1A 1BB
dpo@acme-corp.com

5 December 2024

Dear Ms Mitchell,

Re: Your Data Subject Access Request (Ref: SAR-2024-00147)

Thank you for your request dated 15 November 2024 for access to your personal data under Article 15 of the UK GDPR.

We have completed our search of our systems and are pleased to enclose the following:

Enclosed Documents:

Account Information Export (1 page)
Customer Support Transcripts (2 pages, redacted)
Transaction History (3 pages)
Marketing Preferences Record (1 page)

Information about processing:

Purposes: Service delivery, customer support, marketing (with consent)
Legal basis: Contract performance, legitimate interests, consent
Recipients: Stripe (payments), Mailchimp (marketing)
Retention: Account data retained for 7 years after account closure
Your rights: Rectification, erasure, restriction, portability, objection

Please note that some information has been redacted to protect the personal data of third parties (our employees), as permitted under Article 15(4).

If you have any questions about this response or wish to exercise any other rights, please contact us at dpo@acme-corp.com.

Yours sincerely,

John Smith
Data Protection Officer
Acme Corporation Ltd

Response Sent: 5 December 2024, 10:15 GMT (10 days before deadline)

5 Complete Audit Trail

Immutable record of every action taken - exactly what a regulator would request during an investigation.

📋 Audit Log - Case SAR-2024-00147

Immutable Record

5 Dec 2024, 10:15:42 GMT

Case Completed & Response Sent

Final response package sent to sarah.mitchell@email.com via secure portal

By: John Smith (DPO)

5 Dec 2024, 10:12:18 GMT

Response Letter Generated

Cover letter created with standard GDPR disclosure information

By: John Smith (DPO)

4 Dec 2024, 16:45:33 GMT

Documents Reviewed & Approved

All 4 documents reviewed for completeness and redaction quality

By: John Smith (DPO)

4 Dec 2024, 14:22:11 GMT

AI Redaction Completed

Support transcript processed - 2 instances of third-party PII redacted

By: System (AI)

4 Dec 2024, 14:18:45 GMT

Documents Uploaded

4 documents uploaded: Account info, support transcript, transactions, marketing prefs

By: Emily Jones (Admin)

20 Nov 2024, 09:30:00 GMT

Reminder Sent

Automated 25-day reminder sent to case handlers

By: System

15 Nov 2024, 14:22:58 GMT

Identity Verified

Subject identity confirmed via email verification + passport document

By: John Smith (DPO)

15 Nov 2024, 09:45:12 GMT

Email Verification Completed

Verification code confirmed by data subject

By: Sarah Mitchell (Subject)

15 Nov 2024, 09:32:47 GMT

Case Created

DSAR received via public portal - 30-day deadline set for 15 Dec 2024

By: System

✓

Complete Timeline Every action timestamped to the second

✓

User Attribution Who did what, and when

✓

Immutable Record Cannot be edited or deleted

✓

Regulator Ready Exportable for DPA investigations

Want to know how we protect your data?

Learn about our security measures, GDPR compliance, and data residency options.

Visit Trust Center →

Ready to produce evidence packs like this?

Start your 14-day free trial and handle your first DSAR with complete audit trails and AI-powered redaction.

Start Free Trial See How It Works

No credit card required. Full access to all features.