Data Subject Access Request

Data subject access requests (DSAR) are when a consumer or individual asks to see what personal data a company or organization has collected about them.

Another common variation of this term is data subject request (DSR), which has a broader scope—referring to requests for access, correction, or deletion.

DSAR are a byproduct of modern privacy laws like the General Data Protection Regulation (GDPR) and US state privacy laws, all of which give consumers the ‘right to access.’

Right to access means consumers have the right to know what personal data a company has, how the data is being collected or used, how long it’s being stored—or any combination of the three.

After receiving a DSAR, organizations have either 30 or 60 days to respond (depending on the law), and the data must be sent to the consumer in a format that’s easy to read and transmit.