Glossary
Data Subject Access Request (DSAR)
A formal request by an individual to receive all personal data an organisation holds about them, under Kenya's DPA or GDPR.
Data Subject Access Request (DSAR)
A Data Subject Access Request (DSAR) is a formal request made by an individual (the data subject) to receive all personal data an organisation holds about them. The right is granted by Kenya's Data Protection Act, 2019 and similarly by GDPR and most modern privacy regimes.
The DSAR fulfilment deadline under the Kenyan DPA is 30 days. Failing to fulfil — or fulfilling incompletely — is a compliance violation that can be enforced by the ODPC.
DSAR fulfilment requires:
- Verifying the requestor's identity
- Searching across all systems holding personal data
- Compiling responsive documents (with redactions for third-party data)
- Excluding documents covered by legitimate exemptions (legal privilege, ongoing investigations)
- Delivering the package securely
- Logging the entire process
Papyrus's DSAR workflow makes this manageable: identity verification, tenant-wide search, scope review by DPO, secure delivery, audit log entry.