ข้ามไปยังเนื้อหาหลัก

Data Subject Access Request (DSAR) Handler

Art. 15-22 GDPR + PDPA Sections 30-37 · For Customer DSAR queue · Right-to-be-forgotten EU · CCPA verifiable request

From 12,500-45,000 บาท/request1-30 working days
083-249-4999 Chat on LINE

Data Subject Access Request (DSAR) Handler is a core privacy-program deliverable issued under Art. 15-22 GDPR + PDPA Sections 30-37 — protects against DPA fines, sustains customer trust, supports vendor audits and M&A privacy DD.

Certifications: CIPP/E, CIPP/A, CIPM, CIPT (IAPP), ISO/IEC 27001 Lead Auditor, ISO/IEC 27701 Lead Implementer, FIP.

Data Subject Access Request (DSAR) Handler takes 1-30 working days at 12,500-45,000 บาท/request — includes gap analysis + drafting + implementation + training + ongoing support.

We coordinate with PDPC Thailand, EDPB and destination DPAs across Schrems II adequacy jurisdictions.

Privacy program coverage: PDPA Pack · GDPR Pack · CCPA · DPO · DPIA · ROPA · SCC/BCR · Breach · CMP · DSAR · Privacy Policy · ISO/IEC 27701.

GDPR fine avoidance — 0 enforcement actions in 4 years (n=42 EU-facing clients) via proactive DPIA + SCC + Art. 27 representative.

Coverage

🇹🇭 For Thailand (PDPA)
PDPA B.E. 2562
🇪🇺 For European Union (GDPR)
Regulation 2016/679
🇬🇧 For United Kingdom (UK GDPR + DPA 2018)
UK GDPR + Data Protection Act 2018
🇺🇸 For California (CCPA/CPRA)
CCPA 2018 + CPRA 2020
🇸🇬 For Singapore (PDPA 2012)
Personal Data Protection Act 2012
🇦🇺 For Australia (Privacy Act 1988)
Privacy Act 1988 + APP
🇯🇵 For Japan (APPI)
Act on Protection of Personal Information (APPI)
🇰🇷 For South Korea (PIPA)
Personal Information Protection Act (PIPA)
🇨🇳 For China (PIPL)
Personal Information Protection Law 2021
🇧🇷 For Brazil (LGPD)
Lei Geral de Proteção de Dados
🇦🇪 For UAE (Federal PDPL 2021)
Federal Decree-Law No. 45 of 2021
🇮🇳 For India (DPDPA 2023)
Digital Personal Data Protection Act 2023

How it works

  1. 1

    Data discovery + mapping

    System audit + data-owner interviews + identification of processing activities + data-flow diagram.

  2. 2

    Gap analysis + risk

    Map against PDPA/GDPR/CCPA + risk register + DPIA for high-risk processing.

  3. 3

    Drafting + controls

    Draft policies + procedures + DPA + consent + security controls per NIST SP 800-53 / ISO 27001.

  4. 4

    Implementation + training

    Roll out CMP/DSAR portal + train DPO + staff awareness + privacy-by-design checklist.

  5. 5

    Audit + ongoing support

    Annual audit + monthly DPO report + breach drills + ROPA refresh + DPA inspection prep.

Frequently asked questions

Who needs Data Subject Access Request (DSAR) Handler?

Customer DSAR queue, Right-to-be-forgotten EU, CCPA verifiable request and any organisation processing personal data.

Total cost?

12,500-45,000 บาท/request, scaling with size and number of processing activities.

Timeline?

1-30 working days — faster if ISO 27001 baseline exists.

Is a DPO mandatory?

PDPA Sec. 41 mandates DPOs for public authorities, large processors, and sensitive data — GDPR Art. 37 mirrors the trigger.

Can we notify PDPC within 72 hours?

Triage likelihood + severity within 24h → notify decision within 72h — Tier-1 incident runbook included.

What is required for cross-border transfers?

PDPA Sec. 28: SCC, BCR, adequacy, consent, or derogation — we draft SCC + TIA.

DSAR SLA?

GDPR 30 days (extend 60) · PDPA 30 days · CCPA 45 days (extend 90) — DSAR portal tracks all.

Does ISO 27701 require ISO 27001?

Yes — 27701 is an extension of 27001 (combined implementation 9-12 months).

Related services

Thailand PDPA Compliance Pack (PDPA B.E. 2562) EU GDPR Compliance Pack (Regulation 2016/679) CCPA/CPRA Compliance (California Consumer Privacy Act) DPO Appointment Service (PDPA & GDPR) DPIA (Data Protection Impact Assessment) Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) IP Rights Citizenship