An Overview of DSARs

Privacy laws were designed to balance companies’ needs for marketing information with the customers’ rights to privacy. Exercising this right can take a variety of forms. Today, we’ll be focusing on a particular right encoded in most major privacy laws: the right to submit DSARs.

What are DSARs?

A DSAR, or data subject access request, refers to a customer’s right to be informed about a company’s use of their personal information. The GDPR and CCPA both include guidelines for handling DSARs properly.

DSARs were included in privacy regulations for multiple reasons. First of all, they allow customers to see how companies use their data and if they approve. Second, it allows the customers to make informed decisions on how to handle their personal data now and in the future. And finally, it forces companies to be transparent with their handling of personal information.

In a DSAR, customers can ask for:

Everything legally considered their personal data
How you acquired their data
How long you’ll keep their data
How you use their data
Anyone you share their data with

There are four types of DSARs:

Right to access: a request to view the data a company has collected on them
Right to update: a request to correct mistakes and/or outdated information in a company’s data
Right to portability: a request for a copy of their personal data
Right to be forgotten: a request for their personal data to be entirely purged from the system

Customers may submit a DSAR at any time, and for any of these four reasons. Companies must respond to the vast majority of these requests and do so in a timely manner.

While companies can refuse DSARs, this is only permitted rarely and for very specific reasons:

The request is unreasonable and/or excessive
The customer has no legitimate use for the requested data

A company that refuses a DSAR must be prepared to defend its decision in court. Any recorded reason of refusal must be sound, legally defensible, and demonstrably true.

The Right to Data Access

Privacy laws are concerned with customer rights above all else. While your company obviously prefers to focus on marketing, honoring your customers’ rights is critical. Responding promptly and efficiently to DSARs is just one step in the process.

Is your current DSAR system lackluster, or worse, nonexistent? Get in touch with us today and see how 4Comply can fix that.

This is an excerpt from our newest white paper, “DSARs: Costs & Solutions”. Download and read the full white paper here.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

An Overview of DSARs

What are DSARs?

There are four types of DSARs:

The Right to Data Access

Related posts

4 Methods for Responding to a Data Request

The DSAR Process: 5 Steps to Rights Fulfillment

Basic GDPR Data Breach Response Guidelines