SPOKES Privacy Technology Conference Fall 2021

Watch Now

Free Download

The Ultimate Guide to Data Subject Access Request Management (DSAR)

Learn the key steps to successful DSAR management, the operational challenges, and how to avoid common pitfalls.

WireWheel Privacy Policy
WireWheel DSAR Guide

Your FREE download will explain:

  • A Data Subject Access Request (DSAR), what it means, and why it’s important.
  • DSAR requirements mandated by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
  • How to navigate risks and operational challenges of responding to data subject access requests.
  • Practical steps to establishing a CCPA and CPRA compliant DSAR process and how to evolve that process as laws change.
  • The brand reputation benefits of being able to efficiently respond to each DSAR request.
  • Why businesses must develop processes and workflows to fulfill CCPA access, delete and do not sell requests.
  • How privacy regulations like CCPA require that businesses implement an ongoing and flexible DSAR process that can adjust as requirements change.
WireWheel DSAR Guide

Be prepared and understand DSAR fulfillment expectations

Automating consumer requests saves time and avoids human error.
Customer satisfaction increases through consistency and transparency.
Stay flexible and adaptable to an evolving privacy landscape.
Automating consumer requests saves time and avoids human error.
Customer satisfaction increases through consistency and transparency.
Stay flexible and adaptable to an evolving privacy landscape.

Avoid common pitfalls.

Understanding DSARs can save you thousands of dollars.

white circle icon with number 1

Pitfall #1: Security Risks Abound

Moving personal information or customer data out of the encrypted data stores and into other systems can bring significant risks, including data breaches.
white circle icon with number 2

Pitfall #2: Time Is of the Essence

You have 45 days to deliver information. Timely response to managing data subject access requests is required by CCPA, CPRA, and GDPR. It is also critical to building trust with current and future customers. Make sure you know to quickly access information to fulfill requests.
white circle icon with number 1

Pitfall #3: The Long Tail of Data

You must be able to confirm that any third-party organizations you share information with also receive the deletion request and honor it to avoid being liable.

And more…

NOW is the time to automate  

Make sure you’re doing the right thing with personal information, while using technology to ensure you can simplify, structure, and automate your DSAR program

Frequently Asked Questions (FAQs)

What is a DSAR?

Data Subject Access Request.

A term introduced by the EU’s General Data Protection Regulation (GDPR), a DSAR is the way consumers exercise their rights to access information about why and how their data is being handled. Sometimes referred to as Subject Rights Request or SRR.

What are the main considerations when responding to a DSAR?

Being timely, transparent and consistent.

Timely responses to DSARs are not only required by CCPA/CPRA and GDPR but are also critical to building trust with your current and future customers. And by consistently being transparent about what personal data you’re collecting, where you keep data and who you’re sharing it with and why, you will naturally build trust.

How do you verify consumer requests under CCPA?

Consider your options carefully.

It’s ideal to take your time with this decision. Will you have the known customers or members log in? How will you handle prospects? What if you can’t find a person’s information? Will you need them to use identification tools such as Knowledge Based Verification? These are all considerations, especially if you need to request data from vendors.

Are emails included in a subject access request?


Simply, what’s included in a subject access request is anything that can identify, relate, describe or is reasonably capable of being associated with/linked directly or indirectly to with a particular consumer or household. This includes: identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar.

How long do you have for a data subject access request response?

For the most part, upon receiving a DSAR, you must act quickly.

GDPR requires businesses to comply with a data subject’s request within one month from receipt of the request and can extend two months if they notify the data subject. CCPA/CPRA requires businesses to comply within 45 days of receipt of a verifiable request. Businesses may exercise one 45-day extension when reasonably necessary, if they notify the consumer within the first 45-day period.

Do I have to be a privacy professional to use this guide?

Not at all.

Privacy laws are important for all members of an organization to understand, including marketing, sales, and purchasing teams. However, this guide will be most useful for privacy, security, and IT teams.

Is this a time consuming process?

It doesn’t have to be.

Our Ultimate Guide to DSAR outlines all that you need to know about fulfilling requests and avoiding common pitfalls. It’s laid out in a digestible way for reference. Now is the time to get organized on DSAR fulfillment so compliance is a no-brainer.

Download your guide to get crystal clear on fulfilling DSARs with ease.