Log in Sign up for free
Legal glossary

Data subject access request: Overview, definition and example

What is a data subject access request?

A data subject access request (DSAR) is a request made by an individual (the data subject) to a company or organization, asking for information about the personal data the organization holds about them. Under data protection laws, like the GDPR, individuals have the right to access their personal data, and organizations must respond within a certain time frame.

Why is a data subject access request important?

A DSAR is important because it empowers individuals to understand how their personal data is being used, stored, and processed by an organization. It allows individuals to verify that their data is being handled correctly, make sure it's accurate, and ensure their rights under data protection laws are being respected. For organizations, responding to a DSAR correctly is crucial for compliance and maintaining trust with customers.

Understanding DSAR through an example

For example, an employee might submit a DSAR to their employer to ask for details about the personal data the company has collected during their employment, such as performance reviews, salary information, or contact details. The employer is required to provide a copy of the data held, along with information about how it’s being used and who it’s shared with.

Another example could be a customer who submits a DSAR to an online retailer, requesting access to data like their purchase history, shipping details, or customer support interactions. The retailer must provide the data within a set period, typically one month.

Example of a data subject access request clause

"The Data Subject may submit a request for access to their personal data by providing a written request to the Company. The Company shall respond within 30 days, providing a copy of the requested personal data and information about its processing."

Conclusion

A data subject access request is a critical tool for individuals to exercise their rights under data protection laws. For businesses, handling DSARs correctly is essential for ensuring compliance, protecting customer trust, and maintaining transparent data practices.

This article contains general legal information and does not contain legal advice. Cobrief is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.

Last updated