What is Data Subject Access Request (DSAR)?
A Data Subject Access Request is a formal request made by an individual to an organization to obtain confirmation of whether their personal data is being processed and, if so, to receive a copy of that data along with details about how it is used.
A Data Subject Access Request (DSAR) is a mechanism through which individuals exercise their right of access under data protection laws such as the GDPR (Article 15), CCPA/CPRA, DPDPA, and other privacy regulations. When an individual submits a DSAR, the organization must confirm whether it processes the individual's personal data and, if so, provide a copy of that data along with supplementary information about the processing activities, purposes, recipients, and retention periods.
Organizations must respond to DSARs within regulatory timeframes, typically one month under the GDPR (extendable by two months for complex requests) or 45 days under the CCPA. The response must be provided free of charge, though organizations may charge a reasonable fee or refuse manifestly unfounded or excessive requests. Identity verification is a critical step to ensure data is not disclosed to unauthorized individuals. Organizations must search across all systems, databases, backups, and third-party processors to provide a comprehensive response.
Managing DSARs at scale presents significant operational challenges, particularly for large enterprises with data spread across hundreds of systems. IQWorks streamlines DSAR fulfillment through SearchIQ for rapidly locating all data associated with a data subject, DiscoverIQ for maintaining an up-to-date inventory of data locations, and ComplyIQ for managing request workflows and tracking response deadlines.
Relevant Regulations
How IQWorks Helps
Related Terms
Right of Access
The right of access grants individuals the ability to obtain from an organization confirmation of whether their personal data is being processed and to receive a copy of that data along with key details about the processing.
Data Subject Rights (DSR)
Data Subject Rights are the legal rights granted to individuals under data protection laws, enabling them to control how their personal data is collected, used, stored, and shared by organizations.
Data Subject
A data subject is an identified or identifiable natural person whose personal data is being collected, held, or processed by an organization.
GDPR Article 15 (Right of Access)
GDPR Article 15 grants data subjects the right to obtain confirmation of whether their personal data is being processed and, if so, access to that data along with specific information about the processing.
Data Discovery
Data discovery is the automated process of identifying and cataloging personal data across an organization technology landscape, including databases, file systems, cloud storage, and SaaS applications.