Data Subject Access Requests (DSAR)

Privacy laws were designed to balance companies’ needs for marketing information with the customers’ rights to privacy. Exercising this right can take a variety of forms. Today, we’ll be focusing on a particular right encoded in most major privacy laws: the right to submit DSARs.

What are DSARs?

A DSAR, or data subject access request, refers to a customer’s right to be informed about a company’s use of their personal information. The GDPR and CCPA both include guidelines for handling DSARs properly. 

DSARs were included in privacy regulations for multiple reasons. First of all, they allow customers to see how companies use their data and if they approve. Second, it allows the customers to make informed decisions on how to handle their personal data now and in the future. And finally, it forces companies to be transparent with their handling of personal information.

In a DSAR, customers can ask for:

• Everything legally considered their personal data
• How you acquired their data
• How long you’ll keep their data
• How you use their data
• Anyone you share their data with

There are four types of DSARs:

• Right to access: a request to view the data a company has collected on them
• Right to update: a request to correct mistakes and/or outdated information in a company’s data
• Right to portability: a request for a copy of their personal data
• Right to be forgotten: a request for their personal data to be entirely purged from the system

Customers may submit a DSAR at any time, and for any of these four reasons. Companies must respond to the vast majority of these requests and do so in a timely manner.

While companies can refuse DSARs, this is only permitted rarely and for very specific reasons:

• The request is unreasonable and/or excessive
• The customer has no legitimate use for the requested data

A company that refuses a DSAR must be prepared to defend its decision in court. Any recorded reason of refusal must be sound, legally defensible, and demonstrably true.

The Right to Data Access

Privacy laws are concerned with customer rights above all else. While your company obviously prefers to focus on marketing, honoring your customers’ rights is critical. Responding promptly and efficiently to DSARs is just one step in the process.

Is your current DSAR system lackluster, or worse, nonexistent? Get in touch with us today and see how 4Comply can fix that.

This is an excerpt from our newest white paper, “DSARs: Costs & Solutions”. Download and read the full white paper here.