Data Subject Access Request
Data Subject Access Request Gives Individuals Control of Personal Data
Under GDPR citizens have rights, executed through data subject access requests (DSARs) that they can exercise with any company (the controller) that holds their personal and sensitive information. The citizen can contact the Data Protection Officer, or utilize the company’s website or customer support to initiate their DSAR. The company then has 30 days to respond to the request.
What are some of the DSARs that may be requested?
- Request information on your data is used and processed.
- Request that any information the company holds is deleted.
- Request that your information is corrected.
- Request that your information use is restricted.
- Request that your information transferred to another service provider.
How do organizations process DSARs?
Most organizations have web forms that allow individuals to submit DSAR. These forms are then submitted to backend systems, potentially a CRM, marketing automation solution or a privacy automation solution. Key capabilities for these systems is the logging, management, monitoring, and reporting of all DSARs. However, organizations must have a continuous view of each individual’s data footprint to ensure they can fulfill the DSAR on the backend.
Here are additional resources to learn more about DSARs:
- IAPP, list of resources, Data Subject Requests
- UK Information Commissioner’s Office, What are my rights
- GDPR regulation text
You just learned about Data Subject Access Request, now explore related terms like Data Subject Rights, Data Subject and Consumer Rights, Consent, Right to be Forgotten, Personal Data, and Privacy Automation.