Secure Unstructured Data on Snowflake With Protecto UDF

Steps Involved In A Data Subject Access Request (DSAR)

SHARE THIS ARTICLE

Table of Contents

What is DSAR?

With the advent of GDPR, a term DSAR was introduced. A Data Subject Access Request (DSAR) refers to a petition by a customer to an organization regarding personal data. DSARs give individuals the right to discover what kind of data an organization is holding about them, why the organization is holding that data, and allow them to request the organization to delete that data. The organization receiving this request is expected to complete it within the stipulated time. The steps involved in a Data Subject Access Request (DSAR) are listed below.

633fdcc5ab67d8d04d0b97ed info1 1 -
Source: Wirewheel

A data subject can make his/her request via email or an online form. The company then needs to verify the requestor’s identity and existence within their data ecosystem and track the application through to resolution within the required time.

Interesting Read:”Unlocking AI’s Full Potential: An Independent Trust Layer is Key

Types of Requests Received via DSAR

The Data Subject Access Request (DSARs) typically includes:

  • Contactinformation of the data subject (name, email, and phone number).
  • Delete theinformation of the data subject.
  • Information on where the individual’s data is shared.
  • Data Subjects can add any context to their request.

Steps Involved in a Data Subject Access Request (DSAR)

633fdcc5ab67d87d7d0b97ee Info2 -
Source: Wirewheel

1. Accepting the Request

Seamless access to all data sources is a prerequisite for building an inventory of personal data to evaluate your privacy risk exposure and enforce privacy rules. The companies accept requests from the data subjects via online forms or emails.

2. Verifying the Identity

Checking the requestor’s identity could be done by asking to see a photo ID, such as a passport or driving license or a utility bill, or request a face-to-face meeting with the data subject.

3. Identifying the Type of Request

Once the validation is completed, the data protection officer identifies the type of request.

4. Assigning the Request

Based on the type of requests received by the DPO, the request is forwarded to an analyst. The analyst is chosen based on the nature of the personal data requested by the data subject, the rights associated with user groups.

5. Collection of Data

The personal data is collected and reviewed across all records holding information based on the type of data subject request.

6. Packaging the Data

Depending on the type of data subject request, the format of the data is decided. The data obtained from various third-party Data Processors need to be organized in the requested format and reviewed by the DPO.

Suggested Read: Shadow AI: The Emerging, Invisible Problem Putting Your Company’s Data at Risk

7. Add Additional Information

DPOs must make sure the information is complete and comprehensive. For complex requests, the deadlines under GDPR and CCPA can be extended, provided that you advise the requestor of the reasons for extending the time scale before the expiry of the initial 30 days.

8. Deliver the Data

The last step is to share the response with the data subject ensuring you reference the original request in your response. Always ensure you keep an exact copy of all the information sent and keep a record of your response in your Data Subject Access Request log.

9. Document the DSARs

The final step in your journey to GDPR compliance involves auditing. All communications and activities should roll into a reporting dashboard and audit trail to demonstrate accountability, compliance, and progress towards resolving requests.

Join Our Newsletter
Stay Ahead in AI Data Privacy & Security
Related Articles
A quick checklist for employers to enable working from home during COVID-19....
Discover seven reasons why you shouldn’t ignore DataGovOps....
Learn the top 5 reasons why data governance programs fail and how to avoid them....

Download Playbook for Securing RAG on Snowflake Cortex AI

A Step-by-Step Guide to Mastering Enterprise-Grade RAG Security on Snowflake.