Data Subject Access Request
When the GDPR was enforced back in the year 2018, it was decided to give back individuals control over their data. The same is procured by granting eight Data Subject Rights and one of those rights – the right of access, allows individuals to collect information about which data the company holds about them, why, how it can be used, and other details.
Although the right of access is not a novelty, the GDPR (General Data Protection Regulation) expands the same right with some new mandatory categories of information that the company is obligated to give and makes it simpler for individuals to submit their requests and access the data and collect information.
The data access request is one of the most common requests companies receive; hence, sooner or later, as a company, you will have to deal with the data request management. Here’s what you need to know about DSAR (Data Subject Access Request).
What is a Data Subject Access Request?
A DSAR is a request made by an individual for access to the data that an organization holds about them. This includes any personal data, such as name, address, date of birth, etc. The request can be made verbally or in writing, and the organization must respond within 30 days.
DSARs are important because they give individuals the right to know what data is being collected about them and how it’s being used. This helps to make sure that organizations are transparent in their handling of personal data and gives individuals the ability to hold organizations accountable for their actions.
Types of Information you are obligated to give in a DSAR response
An enterprise or a company is obligated to give confirmation that they are processing personal data or a copy of personal data, and other types of information, such as:
- Reason for processing personal data
- Source of data
- Third parties with whom the company is sharing the information, if any
- Data retention period
- Categories of personal data
- Information about automated decision-making
- Details about their GDPR rights
Who can submit a DSAR request?
It can be submitted by individuals whose personal data the company is processing. They are not obliged to give any specific reason to submit a DSAR and can request a DSAR at any time.
To be more specific, DSAR is not only applied to any employee but also to customers, partners, and contractors. It can also be submitted on behalf of others if that person is authorized by the data subject like:
- Parents requesting on behalf of their kids
- Lawyers requesting on behalf of their clients
- Relative or a friend
- A person appointed as a guardian
The company has a right as well as an obligation to ask for a written document supporting the authorization.
How can DSAR be submitted?
- It can be submitted verbally or in writing. For example, over the phone or by filling the form online.
- With the help of any channel, including social media, and to any person inside the company.
- It should be noted that the request does not have to be addressed as a DSAR request, mention GDPR or any certain right.
Many companies are responsible for handling DSAR automation to help you create and publish data subject access requests forms with the help of customizable templates that automatically link personal and sensitive data for all data subjects in order to create easy to use workflows and to collaborate among stakeholders to help security and compliance terms, as well as share personal data over a secure platform for ease of use and complete peace of mind. Get in touch with the right source to collect, organize, and publish data subject requests in a centralized database.
