A subject access request reply is the package you give a person who exercises the right of access under UK GDPR Art. 15. Before you disclose it, you strip PII that belongs to other people. anonym.plus marks those details on your own device.
When this applies
An individual asks what information you hold on them. The export pulls logs and tickets that also name other customers and staff.
How anonym.plus handles it
- Open the export in anonym.plus on your device.
- The tool flags names, emails, phones, and account IDs.
- Keep the requesting person's own records intact.
- Mark every other person's PII for removal.
- Swap or black out each flagged item.
- Save the clean export on your machine.
What you need to provide
- The export file (CSV, JSON, PDF, or document bundle).
- An operator: Replace for readable copies, Redact for full removal.
- An allow-list holding the requesting person's identifiers.
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | other customer → [PERSON] |
| Contact | EMAIL_ADDRESS | k.byrne@example.co.uk → [EMAIL] |
| Accounts | CREDIT_CARD | 4111 1111 ... → [CARD] |
| Identifiers | UK_NINO | QQ 12 34 56 C → [NINO] |
| Contact | PHONE_NUMBER | 0161 496 0123 → [PHONE] |
| Location | LOCATION | delivery address → [ADDRESS] |
Compliance achieved
- Supports a lawful access reply under UK GDPR Art. 15 (DSAR).
- Hides other people's PII so the disclosure stays specific to the requester.
- Runs offline, so raw personal data never reaches a vendor cloud.
- Handles CSV and JSON exports as well as document bundles.
Anonymise subject access replies offline — see plans & start free →
Limitations & cautions
The tool flags PII; you decide what to share. A SAR gives a person their own records, not other people's. Sensitive fields like a full card or National Insurance number may need extra masking under other rules. Review each flag first.
Frequently asked questions
Whose details go into a SAR reply?
Only the requesting person's personal data. Strip anything tied to other people or staff. anonym.plus flags both so you can keep one and remove the rest.
Does it work on a bulk CSV export?
Yes. Tidy columns and free-text fields are both scanned, and a steady label map keeps rows for one person joinable after the swap.
Is anything sent to the cloud?
No. Work is local. The export stays on your device, which removes the breach risk of uploading raw personal data.