.png)
Stop processing DSARs manually
Every data subject access request that lands on your desk triggers the same expensive chain: IT hunts through systems, compliance coordinates across departments, someone spends days reviewing documents page by page for third-party data, and legal checks every exemption manually. Meanwhile the 30-day clock is ticking.
PrivacyManager™ replaces that chain with a workflow that runs in hours, not weeks. Connect your data sources. PrivacyManager finds the records, detects personal information in 25 languages, flags third-party data for redaction, and assembles a disclosure package with a complete audit trail.
Step 1. Connect Your Data
PrivacyManager integrates with the systems where your personal data actually lives. Email servers (Exchange, Outlook, Gmail), HR platforms, file servers, SharePoint, OneDrive, Google Drive, CRM systems, and legacy databases. You define the scope once; every subsequent DSAR searches across the full landscape automatically.
No manual data gathering. No chasing IT for exports. No systems falling through the gaps because nobody remembered they existed.
Step 2. Detect and Classify
When a request comes in, PrivacyManager's Advanced Pattern Matching engine scans every retrieved document for personal information. Not just the data subject's records, but the third-party personal data embedded throughout: colleagues' names in email chains, client details in meeting notes, personal information in attachments.
The engine recognises over 30 billion name combinations across 25 languages and 30 legal jurisdictions. It processes emails, PDFs, Word documents, spreadsheets, and scanned images through OCR. It doesn't just find exact matches; it identifies contextual references, abbreviations, and cross-document patterns that human reviewers routinely miss.
Step 3. Redact Automatically
Third-party personal information is the bottleneck in every DSAR workflow. Before you can disclose the data subject's records, you must identify and remove every reference to other individuals, a task that accounts for 60–70% of total DSAR processing time when done manually.
PrivacyManager flags third-party data automatically and applies redaction recommendations. Your reviewers confirm the flagged items and handle the genuine edge cases: legally privileged content, confidential references, management planning documents, and the specific exemptions that require human judgment.
The platform doesn't replace your reviewers. It removes the 95% of the work that doesn't require their expertise, so they can focus on the 5% that does.
Step 4. Apply Exemptions
GDPR and the UK Data Protection Act 2018 provide a complex set of exemptions: legal professional privilege, management forecasts, negotiations, confidential references, crime prevention, regulatory functions, and more. Getting these wrong, either by over-disclosing or by wrongly withholding, creates regulatory risk.
PrivacyManager's exemption workflow presents each potentially exempt document with the applicable exemption categories, the legal basis, and a guided decision path. Reviewers record their reasoning against each decision. The result is a consistent, defensible exemption record across every request, not the ad-hoc judgment calls that vary by reviewer and by day of the week.
Step 5. Disclose and Document
The completed response package is assembled automatically: the data subject's records (redacted where appropriate), a schedule of exemptions applied, and a full audit trail documenting every step of the process. What was searched, what was found, what was redacted, what was withheld and why.
This audit trail isn't just good practice. It's what you produce when the ICO asks how you handled a request. When the data subject complains that you didn't disclose everything. When your legal team needs to demonstrate that the process was defensible.
Secure delivery to the data subject. Case closed. Audit trail retained.
The hard numbers
Before PrivacyManger™
40-80 hours
3-5K
2-4
Inconsistent
Fragmented
Cross functional effort per DSAR
Per request (Ave.)
turnaround (Ave.)
Before PrivacyManger™
Exemption across reviewers
Audit trail across email, shared drives
For most complex DSARs (data dependant)
300
cost per GBP request (94% reduction)
2-4
Hours to completion
bespoke workflow with recorded reasoning
Complete
Audit trail, regulator friendly from day 1
<48 hours
Workflow
DSARaaS - the fully managed option
Some organisations don't want to run a DSAR platform. They want someone to make the problem go away.
DSARaaS (DSAR as a Service) is Contextul's fully managed DSAR response service. Our privacy specialists handle every stage of the lifecycle on your behalf, using PrivacyManager as the underlying platform but with our team operating it:
What we handle:
-
Request validation and identity verification
-
Data gathering across your systems (we work with your IT team on initial access, then run searches independently)
-
Document review, PII detection, and third-party redaction
-
Exemption assessment and application
-
Formal disclosure to the data subject
-
Complete case documentation
-
Direct liaison with the ICO or other regulators if required
What you handle:
-
Approving the final disclosure package before it's sent
-
That's it
DSARaaS works as an annual subscription for organisations with ongoing DSAR volumes, or as pre-paid blocks of hours for overflow, complex one-off requests, or peak periods (post-breach, pre-litigation, regulatory campaigns).
Our specialists work within your compliance framework, apply your policies, and produce documentation to your governance standards. You retain full control and sign-off authority. We provide the resource, the expertise, and the platform.
How long does it take to deploy PrivacyManager?
Initial deployment typically takes 1–2 weeks, depending on the number and complexity of data source integrations. Basic configuration, request forms, user accounts, and workflow rules, is completed in days. The most time-intensive element is connecting to legacy data sources, which varies by organisation.
What systems does PrivacyManager connect to?
PrivacyManager integrates with email servers (Exchange, Outlook, Gmail), HR platforms, file servers, SharePoint, OneDrive, Google Drive, CRM systems, and SQL/NoSQL databases. Custom connectors can be built for legacy or proprietary systems during deployment.
Can PrivacyManager handle both employee and customer DSARs?
Yes. Employee DSARs and customer DSARs have different data source profiles, exemption requirements, and sensitivity levels. PrivacyManager supports configurable workflows for each request type, with separate exemption logic and reviewer permissions.
What happens if we receive a DSAR we can't handle in-house?
That's exactly what DSARaaS is for. You can use the managed service for individual complex requests without deploying the platform at all, or alongside PrivacyManager for overflow when internal capacity is stretched.
How does PrivacyManager handle scanned documents and images?
PrivacyManager includes OCR (Optical Character Recognition) for scanned PDFs, photographed documents, and images with embedded text. The OCR output is then processed through the same PII detection engine as native digital documents.
Is PrivacyManager hosted in the UK?
UK-based hosting is available for organisations with data residency requirements. Discuss your sovereignty needs with us during the scoping process.
“Working with Contextul has been an absolute pleasure. They supported us with GDPR elements and were incredibly knowledgeable and reassuring throughout the process. Big shout out to Darren and Robert for their efficiency, responsiveness, and ability to jump in whenever needed. They made a potentially complex area feel manageable, and their professionalism and helpfulness gave us real confidence. I’d highly recommend Contextul to anyone looking for expertise and a great team to partner within."
Carys Stanton
Head of Operations
Alexa Young, CA