{"id":29564,"date":"2021-02-11T10:53:51","date_gmt":"2021-02-11T16:53:51","guid":{"rendered":"https:\/\/www.filecloud.com\/blog\/?p=29564"},"modified":"2021-02-15T11:06:08","modified_gmt":"2021-02-15T17:06:08","slug":"all-you-need-to-know-about-data-subject-access-requests-dsars","status":"publish","type":"post","link":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/","title":{"rendered":"All You Need to Know About Data Subject Access Requests (DSARs)"},"content":{"rendered":"<h3><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-27427\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2020\/06\/undraw_file_sync_ot38.png\" alt=\"\" width=\"1402\" height=\"952\"><\/h3>\n<h3><strong>What is DSAR?<\/strong><\/h3>\n<p>Data Subject Access Requests (DSARs) are a common requirement in privacy regulations including the CCPA and GDPR. These regulations provide individuals with the right to request a copy of all information a company has about them, make changes to the information, and even demand its deletion.<\/p>\n<p>An individual who makes a DSAR is entitled to receive a confirmation that you are processing their personal data, a copy of that data, your privacy notice, and supplementary information.<span id=\"hs_cos_wrapper_post_body\" class=\"hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text\" data-hs-cos-general-type=\"meta_field\" data-hs-cos-type=\"rich_text\">DSARs aren\u2019t new. Organizations and governments have used them for years. But recent consumer data privacy regulations introduced several changes that made it easier for individuals to make requests. The changes go a long way toward transparency in data processing, but they create some challenges for organizations.<\/span><\/p>\n<p>DSARs are not limited to customers; anyone whose personal data you collect \u2014 including employees and contractors \u2014 has the right to submit one.<\/p>\n<h3><strong>Types of Data Subject Requests<\/strong><\/h3>\n<p>DSARs can be grouped into four categories, according to the rights involved.<\/p>\n<ul>\n<li>Access Requests<\/li>\n<\/ul>\n<p>The Right of Access<\/p>\n<ul>\n<li>Portability\u00a0 Request<\/li>\n<\/ul>\n<p>The Right to Portability<\/p>\n<ul>\n<li>Change Request<\/li>\n<\/ul>\n<p>Right to Rectification<\/p>\n<p>Right to Erase<\/p>\n<p>Right to Request Delete<\/p>\n<ul>\n<li>Objection Request<\/li>\n<\/ul>\n<p>Right to Restriction of Processing<\/p>\n<p>Right to Object Data Processing<\/p>\n<p>Right to Opt-out<\/p>\n<p>Right to Object to Automated Decision Making and Profiling<\/p>\n<h3><strong>What Should be in a DSAR Response?<\/strong><\/h3>\n<p>Individuals <em>do not <\/em>need a reason to submit a DSAR. Subjects can request to see their data at any time. Organizations may only ask questions that verify the subject\u2019s identity and help them locate the requested information.<\/p>\n<h3><strong>Steps in DSAR<\/strong><\/h3>\n<ol>\n<li>Get Request<\/li>\n<li>Request Logging<\/li>\n<li>\u00a0Identity Verification<\/li>\n<li>\u00a0Prioritization<\/li>\n<li>\u00a0Data Collection<\/li>\n<li>\u00a0Validation<\/li>\n<li>\u00a0Communication<\/li>\n<\/ol>\n<h3><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29579\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/02\/DSAR-steps.png\" alt=\"\" width=\"833\" height=\"481\"><\/h3>\n<h3><strong>Get Request<\/strong><\/h3>\n<p>Unless you give your customers an easy way to submit DSARs, they are likely to use the first company email address they find. It\u2019s smart to have an online DSAR form since it helps ensure that requests go to the correct place and contain all the required information.<\/p>\n<p>\u00a0<\/p>\n<h3><strong>Request Logging<\/strong><\/h3>\n<p>Assign responsibility for creating and updating a record of each DSAR to an individual or department. You might have them develop a spreadsheet that shows the date of the request, its status, and other essential information for tracking progress.<\/p>\n<p>\u00a0<\/p>\n<h3><strong>Identity Verification<\/strong><\/h3>\n<p>Verify the identity of the person making the request before responding. You may not ask for protected data you don\u2019t already have, but you can ask the requester to provide personal information you do have to authenticate the request. The data you request for verification must be proportionate to the request.<\/p>\n<h3><strong>Prioritization<\/strong><\/h3>\n<p>Process the requests according to factors like complexity or degree of legal or business risk to ensure that work is prioritized properly and ensure that response deadlines are met.<\/p>\n<h3><strong>Data Collection<\/strong><\/h3>\n<p>Collect all records containing the individual\u2019s data, along with the following supplementary documentation<\/p>\n<ol>\n<li>Your privacy notice<\/li>\n<li>A statement of the purpose for processing private data<\/li>\n<li>The categories of personal data collected<\/li>\n<li>The recipients (or categories of recipients) with whom you shared the personal data<\/li>\n<li>How long you hold personal data<\/li>\n<li>Advice on any additional rights the user has, such as the right to object to processing or the right to request erasure or rectification or to lodge a complaint with a supervisory authority<\/li>\n<li>Where you obtained the data, if it was not directly from the subject<\/li>\n<li>The existence of any automated decision-making that took place using the data<\/li>\n<li>Security measures you use when transferring data to a third part<\/li>\n<\/ol>\n<h3><strong>Validation<\/strong><\/h3>\n<p>Review each response for completeness and accuracy. You may decide to require review by legal counsel before sending the response to the requester.<\/p>\n<h3><strong>Communication<\/strong><\/h3>\n<p>Share the response securely and confidentially with the requester. Remember that you must respond within the timeframe defined by the applicable regulation which is 30 days of the request received.<\/p>\n<h3><strong>The Challenge<\/strong><\/h3>\n<p><span id=\"hs_cos_wrapper_post_body\" class=\"hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text\" data-hs-cos-general-type=\"meta_field\" data-hs-cos-type=\"rich_text\">The challenge, however, is <em>finding<\/em> the personal information you\u2019re supposed to turn over. There\u2019s been a massive growth in data collection and proliferation over the last decade, but organizations tend to pay little attention to data governance and management. Basically, data is everywhere, but most organizations don\u2019t have it inventoried.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is DSAR? Data Subject Access Requests (DSARs) are a common requirement in privacy regulations including the CCPA and GDPR. These regulations provide individuals with the right to request a copy of all information a company has about them, make changes to the information, and even demand its deletion. An individual who makes a DSAR [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[284],"tags":[1134,890,1580,288],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v20.13) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>All You Need to Know About Data Subject Access Requests (DSARs) - FileCloud blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"All You Need to Know About Data Subject Access Requests (DSARs)\" \/>\n<meta property=\"og:description\" content=\"What is DSAR? Data Subject Access Requests (DSARs) are a common requirement in privacy regulations including the CCPA and GDPR. These regulations provide individuals with the right to request a copy of all information a company has about them, make changes to the information, and even demand its deletion. An individual who makes a DSAR [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\" \/>\n<meta property=\"og:site_name\" content=\"FileCloud blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/tonidopage\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-11T16:53:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-15T17:06:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2020\/06\/undraw_file_sync_ot38.png\" \/>\n<meta name=\"author\" content=\"Team FileCloud\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:site\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Team FileCloud\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\"},\"author\":{\"name\":\"Team FileCloud\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\"},\"headline\":\"All You Need to Know About Data Subject Access Requests (DSARs)\",\"datePublished\":\"2021-02-11T16:53:51+00:00\",\"dateModified\":\"2021-02-15T17:06:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\"},\"wordCount\":693,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"keywords\":[\"CCPA\",\"data privacy\",\"DSAR\",\"GDPR\"],\"articleSection\":[\"data governance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\",\"name\":\"All You Need to Know About Data Subject Access Requests (DSARs) - FileCloud blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\"},\"datePublished\":\"2021-02-11T16:53:51+00:00\",\"dateModified\":\"2021-02-15T17:06:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.filecloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"All You Need to Know About Data Subject Access Requests (DSARs)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"name\":\"FileCloud blog\",\"description\":\"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing\",\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\",\"name\":\"FileCloud\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"contentUrl\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"width\":155,\"height\":40,\"caption\":\"FileCloud\"},\"image\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/tonidopage\",\"https:\/\/twitter.com\/getfilecloud\",\"https:\/\/www.linkedin.com\/company\/codelathe\",\"https:\/\/www.pinterest.com\/filecloud\/filecloud\/\",\"https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\",\"name\":\"Team FileCloud\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"caption\":\"Team FileCloud\"},\"sameAs\":[\"http:\/\/www.filecloud.com\"],\"url\":\"https:\/\/www.filecloud.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"All You Need to Know About Data Subject Access Requests (DSARs) - FileCloud blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/","og_locale":"en_US","og_type":"article","og_title":"All You Need to Know About Data Subject Access Requests (DSARs)","og_description":"What is DSAR? Data Subject Access Requests (DSARs) are a common requirement in privacy regulations including the CCPA and GDPR. These regulations provide individuals with the right to request a copy of all information a company has about them, make changes to the information, and even demand its deletion. An individual who makes a DSAR [&hellip;]","og_url":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/","og_site_name":"FileCloud blog","article_publisher":"https:\/\/www.facebook.com\/tonidopage","article_published_time":"2021-02-11T16:53:51+00:00","article_modified_time":"2021-02-15T17:06:08+00:00","og_image":[{"url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2020\/06\/undraw_file_sync_ot38.png"}],"author":"Team FileCloud","twitter_card":"summary_large_image","twitter_creator":"@getfilecloud","twitter_site":"@getfilecloud","twitter_misc":{"Written by":"Team FileCloud","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#article","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/"},"author":{"name":"Team FileCloud","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935"},"headline":"All You Need to Know About Data Subject Access Requests (DSARs)","datePublished":"2021-02-11T16:53:51+00:00","dateModified":"2021-02-15T17:06:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/"},"wordCount":693,"commentCount":0,"publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"keywords":["CCPA","data privacy","DSAR","GDPR"],"articleSection":["data governance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/","url":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/","name":"All You Need to Know About Data Subject Access Requests (DSARs) - FileCloud blog","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/#website"},"datePublished":"2021-02-11T16:53:51+00:00","dateModified":"2021-02-15T17:06:08+00:00","breadcrumb":{"@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.filecloud.com\/blog\/all-you-need-to-know-about-data-subject-access-requests-dsars\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.filecloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"All You Need to Know About Data Subject Access Requests (DSARs)"}]},{"@type":"WebSite","@id":"https:\/\/www.filecloud.com\/blog\/#website","url":"https:\/\/www.filecloud.com\/blog\/","name":"FileCloud blog","description":"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing","publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.filecloud.com\/blog\/#organization","name":"FileCloud","url":"https:\/\/www.filecloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","contentUrl":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","width":155,"height":40,"caption":"FileCloud"},"image":{"@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/tonidopage","https:\/\/twitter.com\/getfilecloud","https:\/\/www.linkedin.com\/company\/codelathe","https:\/\/www.pinterest.com\/filecloud\/filecloud\/","https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g"]},{"@type":"Person","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935","name":"Team FileCloud","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","caption":"Team FileCloud"},"sameAs":["http:\/\/www.filecloud.com"],"url":"https:\/\/www.filecloud.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29564"}],"collection":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/comments?post=29564"}],"version-history":[{"count":5,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29564\/revisions"}],"predecessor-version":[{"id":29594,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29564\/revisions\/29594"}],"wp:attachment":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/media?parent=29564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/categories?post=29564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/tags?post=29564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}