Subject rights (DSAR) overview

  • Updated

In today's privacy landscape, a Data Subject Access Request (DSAR) has become the standard term for any request made by an individual to exercise their rights regarding personal information under privacy laws. DSARs can encompass various requests, such as accessing personal data, deleting it, or correcting inaccuracies. While some may use the term Subject Rights Request (SRR) to broadly describe any such request and reserve DSAR specifically for access requests, the industry—and Osano—treat these terms as interchangeable.

Summary of Consumer Rights

Under major privacy regulations like GDPR and CCPA/CPRA, businesses must adhere to the following:

  • Request Submission: Companies must provide a clear and accessible method for consumers to submit their privacy-related requests.
  • No Fees: Companies are generally prohibited from charging a fee to respond to these requests.
  • Response Deadlines: Requests must be addressed within specific timeframes—30 days for GDPR and 45 days for CCPA/CPRA.

Failure to comply with these requirements can lead to severe consequences, including consumer complaints, legal action, fines, and negative publicity that can damage consumer trust and divert focus from your core business operations.

The Importance of Managing Subject Rights

Many businesses today handle subject rights requests reactively, which often involves pulling together resources from various departments to locate and manage scattered personal data. This manual, time-consuming process disrupts regular business activities and increases the cost and complexity of responding to an ever-growing number of requests. As a result, a strategic approach to subject rights management is no longer optional but essential.

Streamlining Subject Rights with Osano

Osano simplifies subject rights management by centralizing all requests in one place and automating as much of the process as you need. To get started with Osano, you'll need to configure a few key components:

  1. Setup Your Users: Define who will manage and respond to requests.
  2. Setup Your Data Stores: Identify and organize the locations where personal data is stored.
  3. Setup Your Forms: Create and customize forms to capture incoming DSARs.

Once these elements are configured, you can leverage Osano's Request Workflow to efficiently manage and process subject rights requests, ensuring compliance and freeing your team to focus on their primary responsibilities.