June 15, 2021
Data Subject Access Requests (or DSARs) are when an individual that you process data about contacts your business requesting access to their information or personal data. This could be an app user, email signee or even someone who is a member of a group you own.
There is a certain process you need to follow as a business when hit with a DSAR, so keep reading to find out more…
Top tip: Keep our glossary open for any terms you are unsure about.
Incoming! Someone wants to access their information or personal data. You now have one month from that message to respond to their message.
Top tip: At NO point should you delete ANY personal data during this process in order to avoid giving it to the individual: This is a criminal offence.
You may need clarification to find out exactly what the individual (in this case, the data subject) would like. If you need more clarification, you no longer have one month to respond: The clock stops and starts again once the individual has clarified further.
Skip to stage 3 if you are clear on what the data subject needs.
Top tip: Fees for responding to a DSAR can rarely be charged. If you think the request is excessive or unfounded, you should seek legal advice. Factors might include:
If you have any doubts at this point about whether you need to provide the individual with the information requested, it’s best to chat with a legal advisor.
Top tip: You may need to create and review your data protection policies including:
We help our clients navigate DSARs, so if you'd like support with one that's landed on your desk, or getting your house in order in case one touch, contact us now.