The Agency Guide to DSAR
Understand and manage DSAR requests with ease
A Data Subject Access Request (DSAR) is when a consumer asks a business to provide information regarding what data they have shared, where they have shared it, and why. DSARs are a common factor among almost all data privacy laws worldwide. It’s important that you know what they are, what purpose they serve, and how you can fulfill them within the law.
Under law, your business is obligated to respond to DSARs within a certain time frame, and with full transparency and disclosure. This can be tricky, depending on where your DSAR originated from. However, it doesn’t have to be!
6 Steps to DSAR
Know your audience
When you receive a DSAR, you first need to establish that it’s coming from an accurate source. Before disclosing information, make sure the request originates from the right person.
Ask the right questions
As a business, you have a right to know why someone wants to see their data. Sometimes, it is for informational purposes only. Other times, it’s because they want to correct or delete data. Before you submit a formal response, make sure you’re guiding the requestor in the right direction.
Take a close look at the information you’re sending off to someone. You don’t want someone else’s information to inadvertently be disclosed – or even your own for that matter.
Format like a pro
Different regions require different formatting in order for the data disclosed to be considered clear, readable, and understandable. Are you sure you’re using the right format?
Fight for their rights
Always explain rights to your end user. Don’t try to hide anything from them – that could land you in hot water. Inform them of what they are and are not entitled to.
Document, document, document
Make sure you keep accurate records of everything you send and receive. That way, in case of an audit, you have a solid paper trail of your efforts.
Still scratching your head on how to comply? Don’t worry – we’ll show you how.
Read the eBook to see how easy it can be to become DSAR compliant.