Explaining Data Subject Access Requests — DSARs

Cole PrudenDSAR, PII, Right of Access

An illustrative picture for a blog post on DSAR by PII Tools

As a company owner in the 21st century, simply staying up-to-date on data compliance regulations will no longer cut it. Especially with the introduction of the GDPR in Europe, people have grown more interested in protecting their private information than ever before. So, when the time comes and one of your employees or customers makes a subject data access request, what do you do?

What Is a DSAR?

Under Data Protection Act 1998, everyone has the right to make a data subject access request, or DSAR. The company’s job is to then send a copy of the information they keep on that person. Of course, DSARs aren’t completely something new, but awareness of the right to make a request, as well as the desire to do so, has risen since the GDPR went into effect.

Not only have internet users and company employees, as well as pretty much everyone else online, become more aware of their DSAR rights, but they’ve also become more concerned. There are many reasons for this concern plastered all over our newsfeeds. In fact, there’s a very high chance that all of our personal data has already been stolen or lost by the likes of Facebook, Equifax, and even LinkedIn, just to name a few.

Source: PlanetVerify

SARs and SRRs

Now that we’re more familiar with DSARs, it’s worth noting a few other terms you may run into. Almost identical to a DSAR is simply an SAR, or Subject Access Request. An SAR was essentially the previous version of a DSAR before the GDPR outlined everyone’s right of access.

The other term you should know is Subject Rights Request, or SRR. Although also quite similar to a DSAR, an SRR specifically covers the subject’s right to obtain copies, request copies, and even request that their data be deleted. As SARs and SRRs both fall under the umbrella that is a DSAR, we’ll just focus on DSARs going forward.

Our Responsibility

As a company owner, our concern is more focused on actually receiving DSARs than issuing them ourselves. The process of receiving one may be easier than you think. Say you run a business online that stores your customers’ personal information to any degree. That could be as simple as storing names and addresses to speed up their future purchases, or as far as recording race, marital status, bank information, health records, etc.

For you, your number one priority is receiving consent from your customers/employees to store this information, and then proceeding to ensure it lives in the correct regulation-compliant areas (depending on where you do business, you may need to adhere to GDPR, HIPAA, CCPA, LGPD, etc.). Just because you’ve done this, however, doesn’t mean you won’t receive a DSAR.

For whatever reason, one of your customers has sent you a DSAR. As the customer, it’s quite easy to do so. All they need to do is send you, or the relevant department, an email, a letter, or even a tweet requesting a copy of all the information you hold on them. Now comes the hard, or maybe the easy, part. Out of millions of pieces of data you store, how can you round up this one customer’s information and send it to them in the most cost-effective way possible?

The Benefits of a Data Discovery Tool

Assuming you don’t have the time to scrub through thousands of folders and millions of files, emails, and database records, your best option is turning to PII Tools. When used by an auditing professional or data protection officer (DPO), PII Tools’ self-hosted software can do everything from discovering sensitive data across all your platforms, to protecting you from suffering your own breach incident.

Source: PII Tools

Of course, that isn’t all. To make complying with DSARs as pain-free as possible, PII Tools software can instantly find all the data related to a specific entity held in any of your storages. Then, using PII Tools’ unique Analytics, you can filter and search for all the information you store related to whoever sent you the DSAR.

This technology takes all of the headaches and time-wasting out of DSAR searches. Your customers are sure to appreciate the quick response with their data, and you’ll appreciate having taken care of the issue as soon as possible. And just in case you’re worried PII Tools won’t be able to identify the specific types of data your company stores, just remember their software even goes as far as utilizing built-in OCR to analyze scanned or rotated documents and images.

A Pain-Free DSAR Experience

This new online business world can leave a lot of people feeling confused, especially with all the DSAR, SRR, SAR, GDPR, etc., acronyms not making it any easier. Luckily, there are experienced companies in the field, such as PII Tools, offering one-stop solutions to guide you through the maze of storing personal data.

Make handling DSARs one of the easiest (and fastest) tasks your DPO has to deal with. Gone are the days of manually searching for every piece of data you may or may not have stored on any given individual. And the best part? With PII Tools, you can then simply delete, quarantine, or move any personal information requested by your customers/employees.

Want to Know How PII Tools Helps With GDPR Compliance? Click Here to Find Out More

A cover image for the technical whitepaper detecting person names in text by PII Tools 2

Download our AI whitepaper

Detecting Personal Names in Text