A Data Subject Access Request shouldn't cost someone their weekend, their sleep, or their peace of mind. For DPOs, HR managers, SENCos – anyone holding a 30-day clock.
Behind every DSAR is someone whose week just got harder, and someone else who's exercising a legal right and waiting for a proper answer. These are the four people we built Redactr Pro for.
The SENCo spends her weekend trawling through three years of emails, redacting names with a marker on printed pages.
That's not what she trained for.
That's not what the kids in her class need from her on Monday morning.
The HR manager at a fifty-person firm is now spending his evenings manually reviewing correspondence. He doesn't know if he's missed something. He isn't sleeping well.
The 30-day clock is ticking.
Maybe after a difficult school exclusion. Maybe after leaving a job badly. They have a legal right to a response, and they deserve one that's complete, accurate, and delivered on time.
Not one that's late, incomplete, or accidentally exposes someone else's name
because redaction was done manually at midnight.
Now there's a reportable breach, an ICO notification obligation, and a very uncomfortable conversation with the person whose data was exposed.
All because someone used find-and-replace in Word at 11pm.
The cost of getting DSARs wrong is real – fines, breach notifications, tribunals. But the cost of doing them by hand is paid in evenings, weekends, and sleep. We think both matter.
The Redactr API removes sensitive data from documents in production today, including patient data at the British Society of Echocardiography. Pro is the DSAR case management workspace that runs on top – the engine handles the redactions, full-depth and permanent, once you approve. Open-source core, zero data retention.
See the Redactr API →The British Society of Echocardiography uses Redactr to remove patient data from clinical reports before they enter their accreditation platform. Permanently.
Email threads scatter across inboxes. Documents live in shared drives. Versions multiply. By day 20, no one's sure what's been done.
Redactr Pro turns every DSAR into a case – a workspace with the inbox, the documents, the audit trail, and a clock that doesn't stop.
The 30-day clock is always visible. So is everything else.
Redactr Pro handles the full DSAR case lifecycle – from the initial request through gathering, reviewing, redacting, and sending the response. Built for teams, designed for people who'd rather be doing their actual job.
Each DSAR is a case. Per-case email inbox, document gathering, review workflow, audit trail. The clock is always visible.
Connect the systems you already use. Sensitive data stays where you keep it. We don't add another silo.
Agents help surface candidates for redaction. You review and approve. Nothing leaves Redactr Pro without a human signing off.
The person making the request gets a proper place to track their DSAR and receive the response. No more PDFs over email.
DPOs, privacy managers, reviewers, approvers. Permissions that match how DSAR work actually gets divided up.
Every action logged. Every decision recorded. When the ICO asks how a response was produced, you can show them.
A Data Subject Access Request is the right – under UK GDPR – for someone to ask what personal data an organisation holds about them. It applies to anyone who handles personal data, from a school to a 500-person business.
Thirty days from the date the request is received. The clock can be extended by up to two months for complex requests, but you have to tell the requester within the original 30 days.
Sensitive data is permanently removed from the document. Not covered with a black box, not annotated, not hidden behind a layer. Once redacted, the original data is gone. The same engine powers the Redactr API in production today.
Redactr Pro is currently in private beta with a small group of design partners. Join the mailing list and we'll let you know when we open up more widely.
We're working with a small group of design partners ahead of launch. Leave your email and we'll keep you in the loop, no more than once a month.