A practical, evidence-focused walkthrough of how Canadian SaaS teams should handle DSARs under PPCDA.
A Data Subject Access Request (DSAR) is a user request to access, delete, or correct their data — and PPCDA requires verifiable evidence for every step. DSARs are the earliest and most operationally painful PPCDA workflow — and the fastest way to expose gaps in data mapping, retention, and vendor management.
Capture the request, verify identity, timestamp the intake, and classify the DSAR type.
Identify all systems containing user data — internal, vendor, archived, and legacy.
Gather exports, logs, screenshots, deletion proof, and vendor confirmations.
Provide the user with their data, deletion confirmation, or access report.
Record every step — timestamps, actions, systems touched, and evidence collected.
Close the request, store evidence, and identify workflow gaps for future improvement.
Kelunoa helps teams centralize DSAR evidence, map ownership, and reduce operational disruption under PPCDA.
Join the Waitlist