What is a Data Subject Access Request (DSAR)?

Learn what a data subject access request (DSAR) is, how to handle them, and why it's important for you to be aware of them.

Updated over a week ago

What is a Data Subject Access Request? (DSAR)

Data Subject Access Request (DSARs) are requests made by customers or users of an organization to gain access to personal information the organization has collected on them.

Some examples of personal data a business might collect are:

  • Mailing address and phone number

  • Demographic information like gender, hair colour, etc.

  • Order history

  • Billing information

  • And more

If you're an organization that collects data about its customers and/or users, it's important to know how to process a data subject access request (DSAR) as it’s legally required.

💡 Privacy Tip: Want to learn how Enzuzo can help you streamline DSARs for your business? Read our article, Getting Started with DSARs to get learn more.

What does a DSAR look like?

There are many ways that customers or users might submit a Data Subject Access Request. For example, by filling out a form on your website, by phone or email, or even contact you through one of your business's social media platforms.

DSARs can also be submitted verbally or in written form. It's important to complete the request as required by different privacy laws like the GDPR and CPRA.

In what ways do customers submit DSARs?

There are many ways customers can submit DSARs to a business or organization.

DSARs can be made in the following ways:

  • Your Enzuzo privacy policy

  • Using your DSAR form/page on your website

  • By telephone

  • By email or support chat

  • By mail

What type of information can be requested?

A Data Subject Access Request (DSAR) enables customers to request their personal data, why it was collected and used, and request erasure, correction or deletion of that data.

Enzuzo has four types of data subject access requests:

  1. Request to not share or sell data

  2. Delete all personal data

  3. Get a copy of personal data

  4. Unsubscribe from marketing communications

How long do I have to respond to a DSAR?

The time frame for your response depends on where the customer or user is located. Most laws require you to respond within 30 days of receiving the request. However, California Privacy Rights Act (CPRA) allows for a 45-day response time.

If you don’t respond before the deadline, you may be subject to possible fines and penalties (or even worse a tarnished reputation).

How to handle DSARs using Enzuzo

We’ve made it really easy to automate data subject access requests, making them less of a burden for small, medium and even enterprise-level businesses.

With Enzuzo, you can quickly and easily collect and respond to DSARs, helping you minimize your risk of expensive fines while maintaining your customers' trust.

Did this answer your question?