CIAM.wiki

Data Subject Access Request (DSAR)

A data subject access request (DSAR) is a formal request from an individual to an organization to provide a copy of all personal data held about them, along with information about how that data is processed.

Also: DSAR, subject access request

A data subject access request is a right granted by privacy regulations that allows individuals to ask organizations what personal data is held about them and how it is being used. Under the GDPR, the organization must respond within one month, providing a copy of the data, the purposes of processing, the categories of data involved, the recipients with whom it has been shared, and the planned retention period.

The request can be made by any means. When it is submitted electronically, the response must be provided in a commonly used electronic format. Organizations must verify the identity of the requester before fulfilling the request to prevent unauthorized disclosure.

Handling DSARs at scale requires the ability to locate and compile personal data from every system where it is stored, which in a modern architecture may span databases, logs, email systems, and third-party integrations.

For CIAM, supporting DSARs means the identity platform must provide tooling that aggregates a complete view of a customer’s data across all connected systems for export on request.

Standards

  • Regulation (EU) 2016/679
