April 18, 202612 min readprivacy

GDPR Data Subject Access Requests: How to Convert Your Personal Data Export to PDF

When you receive your GDPR data export from Google, Facebook, LinkedIn, or any company, it comes as JSON, CSV, and HTML files. Here's how to convert them into readable PDFs.

TL;DR

GDPR gives EU residents the right to receive a copy of all personal data a company holds about them. When you exercise this right — submitting a Data Subject Access Request (DSAR) — companies respond with data exports in technical formats: JSON, CSV, HTML, and plain text files that are difficult to read and impossible to file or share. Convert: Anything to PDF converts these exports to clean, readable PDFs locally — your personal data never touches a third-party server during conversion.

The General Data Protection Regulation (GDPR), which applies throughout the EU and to companies worldwide that process EU residents' data, grants individuals several rights regarding their personal data. One of the most powerful is the right of access under Article 15.

Under this right, you can submit a Data Subject Access Request (DSAR) to any company that processes your personal data and receive:

A copy of all personal data they hold about you
The purposes for which it is processed
The categories of data and recipients
How long they plan to retain it
Information about automated decision-making if applicable

Companies must respond within one month (extendable to three months in complex cases). The response typically includes a machine-readable data export.

Who can exercise this right?

Any person whose personal data is processed by an organization subject to GDPR can submit a DSAR. This includes:

EU residents using any service
Non-EU residents whose data is processed by EU-based companies
Employees of EU-based companies
Customers, users, and website visitors whose data is collected

Many UK users retain similar rights under UK GDPR post-Brexit.

Why 2026 is a particularly relevant time to exercise DSARs

Several 2026 developments have increased DSAR activity:

EU AI Act data transparency requirements — The EU AI Act requires transparency about how AI systems use personal data. This has increased awareness of what data companies hold and renewed interest in exercising GDPR rights.

CCPA DELETE Act — While primarily US-focused, California's DELETE Act has raised awareness globally about data deletion rights, prompting EU residents to exercise their GDPR equivalent rights.

Major data breaches — 2026 has seen several high-profile data incidents. People who learn a company they use has experienced a breach often submit DSARs to understand what data of theirs was held.

AI training data concerns — With massive AI training datasets under scrutiny, individuals are submitting DSARs to understand if their data was used in AI training.

What your data export looks like

The specific format varies by company, but most major platforms return similar types of files:

Google Takeout

Google's data export (Google Takeout) is the most comprehensive data export available from any major tech company. It includes:

JSON files for most data: search history, YouTube history, location history, Maps activity, Gmail messages, Calendar events, Google Pay transactions, and more
HTML files for some data: search activity, website and app activity
CSV files for spreadsheet data: Contacts, Calendar
Multimedia files: Photos, videos (not converted to PDF)

A typical Google Takeout export runs several gigabytes and contains hundreds of files organized in folders.

Facebook / Meta data export

Meta's data export comes as:

JSON files: messages, posts, likes, comments, ad interactions, location data, security log
HTML files: activity summary pages
Organized in a folder structure

LinkedIn data export

LinkedIn provides:

CSV files: connections, messages, job applications, saved jobs, endorsements, recommendations
PDF: Profile summary (already in PDF)

Apple data export

Apple provides:

JSON files: App Store, iCloud, health data, Apple ID information
CSV files: Safari history, Apple Music activity

Other services

Most GDPR-compliant services provide some combination of JSON (for structured data), CSV (for tabular data), HTML (for human-readable summaries), and plain text.

The problem: data exports are readable by machines, not humans

The JSON, CSV, and HTML formats that companies use for GDPR exports are chosen for data portability and technical accuracy. They are not designed for human reading or filing.

JSON files are structured data with curly braces, quotation marks, and nesting — readable with effort but not scannable. A JSON file of your search history might have 10,000 entries in an undifferentiated block of text.

CSV files are better for humans but require a spreadsheet application to view properly. Opened in a text editor, they are a comma-separated wall of text.

HTML files are the most readable, but they are web pages — they look fine in a browser, but require a browser to view, and are not suitable for filing or sharing.

None of these are suitable for:

Filing as documentation
Sharing with a lawyer
Submitting as evidence in a legal proceeding
Printing for reference
Reading through systematically without technical tools

Convert: Anything to PDF converts every format in a GDPR export:

CSV files → formatted tables

When you drop a CSV into Convert: Anything to PDF, it renders as a table in the output PDF. Column headers are recognized and used as table headers. Each row is a table row. For your LinkedIn connections export, your Facebook message history in CSV format, or your Google contacts — these become readable tables.

This is particularly useful for:

Connections/contacts lists: Your LinkedIn connections CSV becomes a readable table of names, companies, and connection dates
Message headers: Message metadata CSVs showing who you communicated with and when
Activity logs: Tables of your likes, follows, shares, and interactions

HTML files → rendered PDFs

HTML activity files from Google, Facebook, and other services render in the PDF as they would appear in a browser. The formatting, tables, and structure are preserved.

This is the best format for human-readable activity summaries that companies include in exports.

JSON files → readable text

JSON files converted directly are hard to read, but they become more manageable in PDF form. For viewing specific JSON files (like a Google search history JSON), consider using a JSON-to-readable-text converter or opening the JSON in a browser before converting to PDF — the indentation and structure become more apparent.

For large JSON files, selectively choose which ones to convert rather than converting everything.

Images → embedded PDFs

Any images included in your export (profile pictures, downloaded attachments) can be embedded in the PDF.

Privacy-first approach: why local processing matters

Your GDPR data export contains highly sensitive personal data:

Your location history
Your private messages
Your medical information (if stored by health apps)
Your financial transactions
Your browsing and search history
Your political or religious interests derived from activity patterns

This data was collected by the company and is now in your hands for you to review. Uploading it to a cloud-based PDF converter (iLovePDF, Smallpdf, Adobe online, PDFCrowd) creates a secondary data exposure — you are voluntarily transmitting your most sensitive personal data to yet another company.

Convert: Anything to PDF processes everything locally in your Chrome browser. The files are never uploaded to any server. Only your device processes the data. This is the appropriate choice for GDPR export data.

Step-by-step: processing your Google Takeout

Google Takeout exports can be overwhelming. Here is a focused approach:

Step 1: Request your Google data

Go to takeout.google.com
Select which Google services to include (select only what is relevant to your purpose — this keeps the export manageable)
Choose delivery method (email link or direct download)
Select format options where available
Wait for the export to complete (hours to days depending on data volume)

Step 2: Extract and organize

Download and extract the ZIP file (often multiple ZIP files for large exports)
Navigate the folder structure to find the relevant files
Identify which files are CSV/HTML/JSON

Step 3: Select priority files for conversion

Do not try to convert everything. Identify the files relevant to your purpose:

Investigating ad targeting? → Ads/My Ads.html and Profile/Ads Preferences.html
Reviewing location history? → Location History/Records.json and Semantic Location History/ folder
Checking account security? → Security/Account activity.html
Understanding search behavior? → My Activity/Search/MyActivity.html

Step 4: Convert selected files to PDF

Open Convert: Anything to PDF
Drag in your selected files
Arrange in logical order
Convert and download

The result is a readable PDF of your most relevant personal data, suitable for review, legal consultation, or archiving.

Using DSAR exports in legal and HR contexts

Employment disputes

Former employees in the EU regularly use DSARs to obtain records of communications, performance reviews, and HR system data as evidence in employment disputes. Having this data converted to PDF makes it usable in legal proceedings.

For this use case, work with a solicitor or lawyer before submitting the DSAR — they may advise on how to phrase the request to ensure you receive the most relevant data.

Data breach response

If you have been informed that a company experienced a data breach, submitting a DSAR lets you understand exactly what data of yours was held — and therefore what may have been compromised. Converting the response to PDF creates a documented record for insurance claims, identity monitoring services, or legal action.

AI training data disputes

With growing awareness that major AI companies scraped personal data for model training, some individuals are submitting DSARs to understand if their content was included in training datasets. The intersection of GDPR and AI training data obligations is an active area of law in 2026.

Tool	Handles JSON?	Handles CSV?	Local processing?	Free?
Convert: Anything to PDF	Readable text	Yes (table format)	Yes	Yes
Adobe Acrobat	Partial	Yes	Desktop: Yes	No
iLovePDF	Limited	Yes	No (cloud)	Limited
Python scripts	Yes (with code)	Yes (with code)	Yes	Yes (but requires coding)
LibreOffice	Limited	Yes	Yes	Yes
jq (JSON CLI tool)	Yes	N/A	Yes	Yes (but requires CLI knowledge)

For non-technical users who need a quick, private way to convert GDPR exports to readable PDFs, Convert: Anything to PDF offers the most accessible path.

Frequently asked questions

Most major companies provide a self-service mechanism (Google Takeout, Facebook's Privacy Center, LinkedIn's Data Export tool). For companies without self-service, send a written request to their privacy email (usually listed in their privacy policy). Include your name, the email address associated with your account, and specify that you are exercising your right of access under GDPR Article 15. They must respond within one month.

GDPR applies to EU residents. If you are outside the EU but using a service provided by an EU-based company, you may also have rights. UK residents have similar rights under UK GDPR. For companies operating in California, CCPA provides equivalent data access rights (though the specific mechanisms differ).

What if the company refuses or doesn't respond?

If a company fails to respond within one month, or refuses without adequate justification, you can file a complaint with your national data protection authority (the ICO in the UK, the CNIL in France, the DPA in the Netherlands, etc.). These authorities have enforcement powers and actively pursue complaints.

Can I convert JSON files directly?

Yes, but the output may be dense. JSON files are converted as formatted text — the JSON structure is preserved in the PDF. For large JSON files (thousands of entries), this is functional but not elegant. For a more readable version, open the JSON file in a browser (right-click → Open with → Browser), which renders it with indentation and collapsible sections, then convert the browser view using Convert: Web to PDF.

Potentially, yes. A message export will contain both your messages and the messages of everyone you communicated with. This is your data as a party to those communications. Treat it with appropriate care — do not share it publicly or use it in ways that could harm the other parties.

Should I delete my Google/Facebook account after receiving the export?

Receiving a DSAR export does not automatically delete your account or data. If you want your data deleted, you need to separately exercise your right to erasure (the "right to be forgotten" under GDPR Article 17), which requires a separate deletion request.

Bottom line

Your GDPR data export is a detailed record of everything a company knows about you — and it comes in formats designed for machines, not people. Convert: Anything to PDF transforms those JSON, CSV, and HTML files into readable, archivable PDFs without uploading your most sensitive personal data to yet another cloud service. Exercise your rights, understand your data, and keep the converted records in a secure personal archive — entirely offline, entirely under your control.

Try our free Chrome extensions

Privacy-first tools that actually work. No paywalls, no tracking, no data collection.

Browse Extensions More Articles