A DSAR is a request from an individual for access to their personal data. Fulfilling a DSAR is a legal obligation under GDPR, CCPA and other laws.

It requires your team to sift through internal systems and inventory all the personal information you have on an individual. It’s a time-consuming and resource-intensive task.

What Is A DSAR?

DSAR stands for data subject access request and it’s part of the GDPR and California Consumer Privacy Act provisions that give individuals (or “data subjects”) the right to know what personal information businesses store on them. As a result, organizations are obligated to recognize these requests and respond to them within the timeframe set forth by their respective privacy regulations.

When an individual submits a GDPR DSAR, they’re typically asking for a list of all the personal data that your company has on them (or that you can confirm is not being processed). This data must be provided in a readily accessible format, such as an electronic file or PDF.

DSAR Types

Data protection laws like GDPR, CCPA and others empower individuals by giving them control of their personal information. But it can also create business opportunities, if companies understand and respect consumer rights. Fulfilling DSARs quickly and accurately improves brand reputation, builds trust and is a key to providing a Privacy UX experience that is top-of-mind for consumers.

DSARs can be submitted by anyone who gives you permission to use their personal information, such as customers or website visitors. But they aren’t just about accessing that information—people may also ask to have their data erased.

DSAR Process

Whether a person submits a request via your website, an internal chat or by speaking directly to a staff member, you need to be able to recognise a DSAR. Having a procedure in place that everyone can understand is crucial for GDPR compliance and for data subjects to feel comfortable making their requests.

Once a DSAR is received, your team will need to search for the information requested across your systems, emails, internal documents and hard copies in order to find all of the personal information on file. This is a labour-intensive task and requires coordinating with many different teams within the business to pull together information.

DSAR Response

DSAR requests are often challenging for businesses to fulfil and comply with. They can involve checking through a business’ systems, emails, internal chats and hardcopy documents to pull together a big pile of “Information About Them” into one place. Using an automated tool for DSAR fulfilment can streamline this process. This can also help with data redaction, a legal review step and reminders that can be sent out automatically.

Individuals can submit a DSAR directly to a business or through someone else on their behalf. The business must be satisfied that the person making the request is entitled to do so, either through written authorization or a general power of attorney.