How To Perform a Data Subject Access Request in Office 365

GDPR Real enough for you now? Get one of these great books to get you up to speed for those management and board meetings.



GDPR has had us business owners and managers busy for a quite a while and now we have to put into practice everything we’ve been prepping for. One of the biggest worries for many is how are they going to actually assemble all of the files and emails which relate to a specific person.

Thankfully Microsoft have put a lot of effort into making Office 365 setup to handle Subject Access Requests from employees and its surprisingly easy to do!

The hardest part is actually sifting through all the data to check there is nothing you shouldn’t be handing over.

Lets jump in and perform a Subject Access Request for me in my 365 lab tenant.

Log into: https://protection.office.com and browse to ‘Data Privacy’ then ‘Data subject request’ and Click on ‘New DSR case’.



Enter the name of the person making the data request or any other ID you use to log requests made to your business.



Enter the name of the person who has made the request.



Save the case.



Click ‘Show me search results’



By default the search query will locate all emails with the employees email address and also return all files and instant messages. You can view the emails and files from here but its usually easier to search through the actual files to remove items as required.



Click ‘More’ then ‘Export results’



The default options here are ok in most cases so click on ‘Export’.




Depending on how much data there is to export the process can take a few minutes to a few hours. Return to Exports and click on the export job to view the status of the task.



When the export is complete you will have the option to click ‘Download results’ While here click ‘Copy to clipboard’ because this will be needed in the next step to allow you to download the files from Office 365.



Paste in the export key and choose a folder to save the downloaded files to.



Once the download is complete all emails can be found in PST files under the Exchange folder and all files are found under SharePoint.


The tricky part now is to go through all the data to ensure you remove any sensitive information or files which should not be handed over to the requesting party.

Hope this proves useful to you!

Author: Ian@SlashAdmin

Share This Post On
468 ad

1 Comment

  1. Hello,

    What if a non-Office365 account holder want’s to issue a SAR request to Microsoft in order to get a copy of emails sent to an Office365 account? Is this possible?

    Post a Reply

Submit a Comment

Your email address will not be published.