The Ultimate Guide to Data Subject Access Request Management (DSAR)
Learn the key steps to successful DSAR management, the operational challenges, and how to avoid common pitfalls.
Your FREE download will explain:
- A Data Subject Access Request (DSAR), what it means, and why it’s important.
- DSAR requirements mandated by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
- How to navigate risks and operational challenges of responding to data subject access requests.
- Practical steps to establishing a CCPA and CPRA compliant DSAR process and how to evolve that process as laws change.
- The brand reputation benefits of being able to efficiently respond to each DSAR request.
- Why businesses must develop processes and workflows to fulfill CCPA access, delete and do not sell requests.
- How privacy regulations like CCPA require that businesses implement an ongoing and flexible DSAR process that can adjust as requirements change.
Be prepared and understand DSAR fulfillment expectations
Avoid common pitfalls.
Understanding DSARs can save you thousands of dollars.
Pitfall #1: Security Risks Abound
Pitfall #2: Time Is of the Essence
Pitfall #3: The Long Tail of Data
NOW is the time to automate
Make sure you’re doing the right thing with personal information, while using technology to ensure you can simplify, structure, and automate your DSAR program
Frequently Asked Questions (FAQs)
What is a DSAR?
Data Subject Access Request.
A term introduced by the EU’s General Data Protection Regulation (GDPR), a DSAR is the way consumers exercise their rights to access information about why and how their data is being handled. Sometimes referred to as Subject Rights Request or SRR.
What are the main considerations when responding to a DSAR?
Being timely, transparent and consistent.
Timely responses to DSARs are not only required by CCPA/CPRA and GDPR but are also critical to building trust with your current and future customers. And by consistently being transparent about what personal data you’re collecting, where you keep data and who you’re sharing it with and why, you will naturally build trust.
How do you verify consumer requests under CCPA?
Consider your options carefully.
It’s ideal to take your time with this decision. Will you have the known customers or members log in? How will you handle prospects? What if you can’t find a person’s information? Will you need them to use identification tools such as Knowledge Based Verification? These are all considerations, especially if you need to request data from vendors.
Are emails included in a subject access request?
Simply, what’s included in a subject access request is anything that can identify, relate, describe or is reasonably capable of being associated with/linked directly or indirectly to with a particular consumer or household. This includes: identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar.
How long do you have for a data subject access request response?
For the most part, upon receiving a DSAR, you must act quickly.
GDPR requires businesses to comply with a data subject’s request within one month from receipt of the request and can extend two months if they notify the data subject. CCPA/CPRA requires businesses to comply within 45 days of receipt of a verifiable request. Businesses may exercise one 45-day extension when reasonably necessary, if they notify the consumer within the first 45-day period.
Do I have to be a privacy professional to use this guide?
Not at all.
Privacy laws are important for all members of an organization to understand, including marketing, sales, and purchasing teams. However, this guide will be most useful for privacy, security, and IT teams.
Is this a time consuming process?
It doesn’t have to be.
Our Ultimate Guide to DSAR outlines all that you need to know about fulfilling requests and avoiding common pitfalls. It’s laid out in a digestible way for reference. Now is the time to get organized on DSAR fulfillment so compliance is a no-brainer.