Streamlining DSAR Management: From 150 GB to 5 GB with Purview

Handling Data Subject Access Requests (DSARs) has become a significant challenge for many organisations, especially as artificial intelligence (AI) systems generate vast amounts of data. When a DSAR arrives, companies often face the daunting task of sifting through hundreds of gigabytes of information to comply with legal requirements. This post explores how Purview solutions help businesses reduce the scope of DSARs dramatically, cutting down data volumes from 150 GB to just 5 GB, making the process more manageable and efficient.

Understanding the Challenge of Large DSARs

DSARs allow individuals to request access to their personal data held by organisations. With AI generating suggested DSAR requests the request can be vast and the volume of information related to a single individual can be significant, especially when they are an employee. For example, a single DSAR might initially include:

• Raw AI-generated logs

• Communication transcripts

• Metadata from multiple sources

• Backup files and archives

  
  

This data can easily reach 150 GB or more, creating a significant burden on compliance teams. Processing such large volumes not only delays response times but also increases costs and risks of non-compliance.

How Purview Helps Reframe DSAR Scope

Purview offers tools that help organisations reframe the scope of DSARs by intelligently filtering and categorising data. Instead of handing over all collected data, Purview enables businesses to:

• Identify relevant data sources quickly

• Apply precise filters to exclude unrelated information

• Use AI-driven classification to tag personal data accurately

  
  

This approach reduces the data volume drastically, often bringing it down from 150 GB to around 5 GB. The smaller dataset is easier to review, verify, and deliver within regulatory deadlines.

Key Features of Purview for DSAR Management

Data Discovery and Classification

Purview scans across multiple data repositories, including cloud storage, databases, and file shares. It automatically classifies data based on sensitivity and relevance to the DSAR. This classification helps compliance teams focus only on data that truly pertains to the request.

Intelligent Filtering and Refinement

Using built-in filters, Purview narrows down data by date ranges, file types, and content keywords. This refinement excludes irrelevant files such as system logs or unrelated backups, which often inflate DSAR size unnecessarily.

Automated Data Mapping

Purview creates a visual map of where personal data resides within the organisation. This map helps teams understand data flows and pinpoint exact locations of requested information, avoiding broad, time-consuming searches.

Audit Trails and Reporting

Every action taken during DSAR processing is logged, providing a clear audit trail. Purview generates reports that demonstrate compliance efforts, which is critical during regulatory reviews or audits.

Practical Example: Reducing a 150 GB DSAR to 5 GB

Consider a multinational company receiving a DSAR related to AI-driven customer interactions. Initially, the request pulls in:

• 100 GB of raw AI chat logs

• 30 GB of email communications

• 20 GB of backup files

  
  

Using Purview, the compliance team:

1. Applies filters to exclude backup files older than two years, removing 20 GB.

2. Uses keyword filters to focus on specific customer IDs, removing business as usual data, cutting chat logs from 100 GB to 3 GB.

3. Classifies emails to include only those with personal data, reducing the email set to 2 GB.

   
   

The final dataset is 5 GB, a manageable size for review and delivery.

Benefits Beyond Data Reduction

Reducing DSAR size is just one advantage. Purview also helps organisations:

• Save time and resources by automating manual tasks

• Improve accuracy in identifying personal data

• Enhance compliance with data protection laws such as GDPR and CCPA

• Build trust with customers by responding promptly and transparently

  
  

Best Practices for Using Purview in DSARs

• Start early: Integrate Purview into your data governance strategy before DSARs arrive.

• Train teams: Ensure compliance and IT teams understand how to use Purview’s features effectively.

• Regularly update filters: Keep keyword lists and classification rules current to reflect evolving data types.

• Document processes: Maintain clear records of how DSARs are handled using Purview for accountability.

How we can help you

• Purview Search Optimisation: Our experts refine your KQL (Keyword Query Language) queries and scoping filters within Purview to eliminate "noise" and false positives, drastically reducing the volume of data for manual review.

• System-Specific Training: We provide hands-on workshops for IT and Compliance teams focused specifically on the Purview eDiscovery workflow from creating cases and holds to exporting redacted results.

• DSAR Lifecycle Training: Beyond the software, we train your staff on the end-to-end DSAR process, covering legal timelines, common exemptions (like third-party data), and how to maintain a defensible audit trail.

• DSAR: Our experts can provide training on DSARs and a review of your policies and procedures.

Managing large DSARs effectively is about aggressive culling and defensible documentation. Instead of reviewing every hit, use Purview’s advanced analytics like deduplication and email threading to shrink the data pile to a manageable size. Ultimately, success relies on having clear, repeatable workflows that prove to regulators you made a "reasonable and proportionate" effort to find the data.