Privacy laws were designed to balance companies’ needs for marketing information with the customers’ rights to privacy. Exercising this right can take a variety of forms. Today, we’ll be focusing on a particular right encoded in most major privacy laws: the right to submit DSARs.
A DSAR, or data subject access request, refers to a customer’s right to be informed about a company’s use of their personal information. The GDPR and CCPA both include guidelines for handling DSARs properly.
DSARs were included in privacy regulations for multiple reasons. First, they allow customers to see how companies use their data and decide whether they approve. Second, they allow customers to make informed decisions about how to handle their personal data now and in the future. Finally, they force companies to be transparent about their handling of personal information.
In a DSAR, customers can ask for:
Customers may submit a DSAR at any time, and for any of these four reasons. Companies must respond to the vast majority of these requests and do so in a timely manner.
While companies can refuse DSARs, this is only permitted rarely and for very specific reasons:
A company that refuses a DSAR must be prepared to defend its decision in court. Any recorded reason for refusal must be sound, legally defensible, and demonstrably true.
Privacy laws are concerned with customer rights above all else. While your company obviously prefers to focus on marketing, honoring your customers’ rights is critical. Responding promptly and efficiently to DSARs is just one step in the process.
This is an excerpt from our newest white paper, “DSARs: Costs & Solutions”.