A DSAR response is the package you give a person who asks for their data under GDPR Art. 15. Before you send it, you must hide PII that belongs to other people. anonym.plus marks that data on your own device, so nothing leaves your machine.
When this applies
A subject files a data-subject access request (DSAR). Your reply gathers emails, notes, and forms that name colleagues and other customers too.
How anonym.plus handles it
- Open the gathered files in anonym.plus on your device.
- Local OCR reads scanned pages, so it catches printed text too.
- The tool flags names, emails, phone numbers, and IDs.
- Keep the subject's own data; mark third-party PII for removal.
- Black out or swap each flagged item, then review the result.
- Save the clean pack. The source never leaves your machine.
What you need to provide
- The gathered files (PDF, DOCX, TXT, email export, or scan).
- An operator: Redact (remove), Replace (swap), or Mask (partial).
- Optional allow-list to keep the subject's own identifiers.
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | Maria Schneider → [THIRD_PARTY] |
| Contact | EMAIL_ADDRESS | j.weber@example.com → [EMAIL] |
| Contact | PHONE_NUMBER | +49 30 555 0147 → [PHONE] |
| Identifiers | US_SSN / NATIONAL_ID | 078-05-1120 → [ID] |
| Location | LOCATION | 12 Hauptstrasse → [ADDRESS] |
| Accounts | IBAN_CODE | DE89 3704 ... → [ACCOUNT] |
Compliance achieved
- Supports a lawful reply under GDPR Art. 15 access rights.
- Hides other people's PII so disclosure stays within the law.
- Runs offline; the subject file is guarded with AES-256-GCM.
- Reads 48 languages, so EU records in any tongue are covered.
Anonymize DSAR responses offline — see plans & start free →
Limitations & cautions
The tool flags PII; you decide what to release. Art. 15 gives the subject their own data, not a free pass to others' details. Whether a name is truly third-party is a legal call. Review each flag before you send the pack.
Frequently asked questions
What must I redact in a DSAR reply?
Hand the subject their own personal data. Remove PII that belongs to other people, unless they have agreed or it is reasonable to disclose. anonym.plus flags both so you can choose.
Does this send my files to a server?
No. The app runs on your own device with no cloud step. The subject's data never leaves your machine, which keeps the disclosure under your control.
Can it read scanned letters in the pack?
Yes. Local OCR reads scanned pages, so PII in image files is caught alongside typed text.