Join the Waitlist

DSAR Deep‑Dive

A practical, evidence-focused walkthrough of how Canadian SaaS teams should handle DSARs under PPCDA.

A Data Subject Access Request (DSAR) is a user request to access, delete, or correct their data — and PPCDA requires verifiable evidence for every step. DSARs are the earliest and most operationally painful PPCDA workflow — and the fastest way to expose gaps in data mapping, retention, and vendor management.

The DSAR Workflow at a Glance

1. Intake & Verification

Capture the request, verify identity, timestamp the intake, and classify the DSAR type.

2. Data Location Mapping

Identify all systems containing user data — internal, vendor, archived, and legacy.

3. Evidence Collection

Gather exports, logs, screenshots, deletion proof, and vendor confirmations.

4. Fulfillment

Provide the user with their data, deletion confirmation, or access report.

5. Audit Trail

Record every step — timestamps, actions, systems touched, and evidence collected.

6. Closure & Review

Close the request, store evidence, and identify workflow gaps for future improvement.

Detailed DSAR Breakdown

1. Intake & Verification

  • Timestamped DSAR intake log
  • Identity verification steps (email, MFA, ID match)
  • Classification of DSAR type (access, deletion, correction)
  • Requester communication log

2. Data Location Mapping

  • List of all systems containing user data
  • Vendor systems included in the mapping
  • Legacy or archived systems identified
  • Evidence of data ownership across teams

3. Evidence Collection

  • Data exports (JSON, CSV, screenshots)
  • Deletion logs or confirmation artifacts
  • Vendor confirmations for data removal
  • Access logs showing who touched the data

4. Fulfillment

  • Clear, complete response to the user
  • Deletion confirmation (if applicable)
  • Access report (if applicable)
  • Timestamped delivery log

5. Audit Trail

  • Full timeline of DSAR handling
  • Evidence of each step taken
  • Team ownership mapping
  • Retention of DSAR evidence for compliance

6. Closure & Review

  • DSAR closure log
  • Evidence stored centrally
  • Workflow gaps identified
  • Improvements documented

Quietly Onboarding Canadian Teams

Kelunoa helps teams centralize DSAR evidence, map ownership, and reduce operational disruption under PPCDA.

Join the Waitlist