Subject access redaction is the removal of other people's data from an investigation file before disclosure. GDPR Art. 15 gives a person access to their own records, not to third-party details. anonym.plus clears those other names on your device.
When this applies
An employee files a subject access request (DSAR) for an investigation about them. The file also names witnesses and colleagues whom you must shield.
How anonym.plus handles it
- Open the file in anonym.plus on your device.
- The tool flags every named person in the text.
- Keep the requester's own details; flag the rest.
- Swap or black out third-party names and contacts.
- Save the disclosable copy on your device.
What you need to provide
- The investigation file (PDF, DOCX, or export).
- An allow-list for the requester's own identifiers.
- An operator (Redact for third-party items).
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | requester → kept (their right) |
| Names | PERSON | witness → [REDACTED] |
| Names | PERSON | named colleague → [REDACTED] |
| Contact | EMAIL_ADDRESS | witness email → [REDACTED] |
| Contact | PHONE_NUMBER | witness phone → [REDACTED] |
| Identifiers | NATIONAL_ID | third-party ID → [REDACTED] |
Compliance achieved
- Supports the access duty under GDPR Art. 15.
- Shields third-party details the requester has no right to see.
- On-device AES-256-GCM guards the working files.
- Runs offline, so the file never reaches a cloud service.
Anonymize subject access files offline — see plans & start free →
Limitations & cautions
Art. 15 needs a balance between the requester's right and others' privacy. The tool flags names; you decide what to keep. A witness may still be obvious from context even with the name gone.
Frequently asked questions
Why keep the requester's own details?
GDPR Art. 15 gives a person the right to access their own file. You keep their identifiers and shield only the records of other people.
How do I protect a witness in the file?
Flag and redact the witness's name and contacts. The tool also flags indirect mentions so you can review them.
Can I set the requester's own IDs as allowed?
Yes. An allow-list keeps the requester's identifiers in place while the tool removes everyone else's.