Subject rights (DSAR) overview

  • Updated

Data Subject Access Request (DSAR) has become the industry shorthand for any request regarding personal information made by an individual exercising a consumer right provided by a privacy law. DSARs can include requests for a summary of personal data collected, requests to delete personal data, or requests to correct incorrect personal data currently stored. Sometimes, Subject Rights Request (SRR) is used to refer broadly to any request, while DSAR is used specifically for access requests, however most of the industry treats these terms interchangeably and at Osano they mean the same thing. 


Summary of Rights

Most privacy laws like GDPR and CCPA/CPRA require that:

  1. Companies must provide a way for consumers to submit requests.
  2. Companies cannot charge a fee for responding to most requests.
  3. Requests must be fulfilled within 30 days of receipt (GDPR) or 45 days (CCPA/CPRA).

Failure to respond to requests in an accurate and timely fashion can potentially result in the consumer filing a complaint with the enforcement agency in their jurisdiction leading to lawsuits, fines, and damaging headlines that erode consumer trust and make it more difficult to focus on your core business.


Why Subject Rights

At present, many businesses lack a strategic approach to subject rights management and respond to incoming requests in a reactive fashion. Responding in this way generally requires calling on resources across the business to track personal data that itself is scattered across multiple data sources. Each step in this approach is manual and pulls people away from their core functions to build a comprehensive response to the customer piece by piece. Given the growing number of subject rights requests to businesses and the time and cost involved in responding to them one by one, the need for a subject rights management solution is clear.


Osano Subject Rights Workflows

Osano’s solution is simple, consolidating requests in one place and automating as many steps end-to-end as is desirable. Before you can begin processing requests however, you'll need to set up Osano. Follow each of the guides for users, data stores, and forms to configure Osano.

  1. Setup your users. 
  2. Setup your data stores.
  3. Setup your forms.

Once setup, you can begin to use your Request Workflow.