Skip links

Term: Data Subject Access Request (DSAR)

DSRs are Data Subject Access Requests, whereby an individual asks a company (a data controller) to provide information about their personal information it has collected and stored about them and related purposes.

What is a Data Subject Access Request (DSAR)?

Data Subject Access Request (DSAR) Under The GDPR

In accordance with General Data Protection Regulation (The GDPR) Article 15, individuals have the right to access their personal data. This right allows individuals to contact the data controller and ask for access to their personal data, the purpose for which it is being processed, who is receiving it, how long it will remain, whether it is processed automatically, etc. If a data controller receives such a request, they must respond within one month (with a possible extension of additional two months).

However, data subject access requests (DSAR) exist under other global privacy laws as well.

Data Subject Access Request (DSAR) Under The CCPA

Under the CCPA in California, businesses must provide consumers with two or more designated methods for submitting requests for information required to be disclosed. Business must provide consumers with the necessary information free of charge within 45 days of receiving a verifiable request. It is possible to extend the time period to provide the required information if the consumer is informed within the first 45 days.

Who Can Submit a DSAR?

Anyone whose personal data is being processed, or their guardians, can submit a Data Subject Access Request (DSAR). It is a formal process that enquires about which personal data has been collected, stored, and used, and why.

« Back to Glossary Index