UK specialist DSAR practice

Specialist DSAR response.
Audit-defensible by design.

Just DSARs is the UK practice dedicated to subject access requests — combining senior privacy expertise with technology-enabled workflow for faster, defensible response.

Book a discovery call How it works
UK GDPR · Data Protection Act 2018 ICO-aligned methodology Part of the VulaPri group
Who we help

One discipline. Three buyer realities.

DSARs land on different desks in different forms. We meet you where the pressure actually sits.

In-house counsel & DPOs

Hold the line on defensibility without burning out the privacy function. Senior support for high-volume, high-complexity, and edge-case requests.

For privacy & legal leads

HR & People teams

Employee DSARs are the hardest category — grievance-driven, multi-source, often urgent. We handle them end-to-end so the business keeps moving.

For HR & People leaders

Law firms (partner channel)

Refer DSAR fulfilment with confidence, or white-label our practice under your engagement. A defensible, scalable partner channel for firms that don't want to staff DSARs in-house.

For partners & referrers
What we do

Two engagement models. One specialism.

Managed DSAR service

End-to-end DSAR fulfilment

We take the request and return a defensible response within statutory timelines. You retain the client relationship and the regulator-facing record — we handle the operational lift.

  • Receipt, identity verification, and scope confirmation
  • Data discovery facilitation across structured and unstructured sources
  • Standard-complexity redaction with senior UK review
  • Exemption application and third-party rights handling
  • Response letter and audit-defensible record bundle
Discuss your DSAR volume
DSAR advisory

Operating model & capability uplift

For teams that want to keep DSARs in-house but need the right operating model, playbooks, and decision frameworks to do it defensibly and at scale.

  • DSAR operating model design and target state mapping
  • Policy, procedure, and template suite build
  • Disclosure decision frameworks and edge-case playbooks
  • ICO complaint response and regulatory engagement support
  • Training for legal, HR, and operational teams
Scope an advisory engagement
Why Just DSARs

Specialist by design — not by default.

Generalist privacy support and technology-only tooling both fail at the same point: defensibility under regulatory scrutiny. We close that gap.

01

Specialist focus

DSARs are all we do. Not a sideline. That depth shows up in faster turnaround, fewer disputes, and tighter audit trails than generalist support can deliver.

02

Senior-led delivery

Every engagement is shaped by a senior privacy professional with consulting and in-house experience. No junior-only delivery, no off-shore black box.

03

Technology-enabled, human-defensible

Workflow tooling accelerates intake, scoping, and review. Humans own the decisions that matter — exemptions, third-party rights, disclosure scope — because the regulator will.

04

Audit trail by default

Every step is logged, time-stamped, and bundled into a regulator-ready record. If the ICO ever asks, you have the receipts — not a story.

How it works

From request to defensible response.

Four stages. One statutory deadline. A clean response pack at the end.

01

Receive & verify

The request lands with your nominated channel. We acknowledge, verify the data subject's identity in line with UK GDPR Art. 12(6), and confirm scope where it's reasonable to do so.

02

Discover

Coordinated search across your nominated systems — structured and unstructured. We work to your access permissions; you stay in control of the data plane.

03

Redact & review

Standard-complexity redaction completed by trained operators. Every disclosure decision — exemptions, third-party rights, scope — is reviewed by a senior UK privacy professional before release.

04

Respond

A defensible response pack delivered to you within the statutory deadline (UK GDPR Art. 12(3) — one month, extendable where complex). You retain the regulator-facing record.

About Just DSARs

Built by a senior privacy practitioner.

Just DSARs is the dedicated DSAR practice within the VulaPri group — sister to VulaPri's fractional DPO and advisory practice.

The practice is led by Fred Oberholzer, a senior privacy practitioner with consulting and in-house experience across UK GDPR, EU GDPR, and global data protection regimes. Former EMEA Privacy Director and EMEA Group DPO at Canon Europe Ltd. Current IAPP Board Member.

Just DSARs Ltd is registered in England & Wales. The practice operates within the standards Fred carries from senior in-house roles — defensible, documented, deadline-respecting.

Practice fundamentals

  • UK-registered entity — Just DSARs Limited, England & Wales
  • Senior-led delivery on every engagement
  • UK GDPR & Data Protection Act 2018 baseline
  • ICO-aligned methodology & documentation standards
  • Professional indemnity insured
  • Part of the VulaPri group
Get in touch

Tell us what's landing on your desk.

A 30-minute call. No obligation. We'll tell you whether DSAR specialism fits the problem — and what defensible response actually looks like for your situation.

Prefer email? hello@justdsars.com

We process the information in this form to respond to your enquiry, on the basis of UK GDPR Art. 6(1)(b) (steps prior to entering into a contract). See our privacy notice for retention, your rights, and how to contact the ICO.

We'll reply within one working day.