Often employees need to make a request to their employer for information. That's done through a DSAR. Find out here what is a Data Subject Access Request.
Although the GDPR is a European law, it affects any company that works with data from people in the EU. This means that if you sell goods or services globally, the law likely affects you too.
One thing companies need to learn to handle under the new GDPR rules is a data subject access request, or DSAR. But while you might have heard this term before, it's probably not immediately clear what it means.
What is a data access request, who can make one, and why are they needed? We've put together the answers to help your business out. Here's what you need to know about DSARs and GDPR compliance.
Data Subject Access Request: The Definition
A data subject access request is simply a written request someone makes to your company to learn more about the data you have on them.
Under the GDPR, everyone has a right to access personal data held by a business. With a DSAR, a subject is permitted to learn what data you have about them, why you have that data, and whether that data is disclosed with any other parties.
You may sometimes hear a data subject access request referred to as a subject access request, or a data access request. These terms all mean the same thing.
For businesses, responding to a data subject access request can get expensive. However, you are legally required by the GDPR to respond to these requests within a reasonable amount of time.
Also, even outside of the legal obligation, it's wise to respond to these requests quickly and accurately. People are more likely to trust your business when you're transparent about the data you have on them.
Who Can Make a Data Subject Access Request?
The two groups most likely to make a data protection subject access request are employees and customers. However, anyone who you hold data on can make this kind of request.
Once you receive the request, there are a lot of things to remember to meet the request correctly. For example, you'll typically have to provide the information free of charge, and within a month. Subjects can request this information in writing or electronically.
Why a Data Access Request Is Necessary
Meeting these requests poses a challenge for many companies. However, from the perspective of an employee or customer, it's easy to see why a DSAR might be necessary.
Data breaches have posed problems for millions of people in recent years. High-profile companies that mishandled user data made laws like the GDPR necessary. While your business might already use data responsibly, these laws help ensure every business will do the same.
With a data access request, individuals can get peace of mind about the companies they're associated with. They can also be proactive and take further steps to protect their own data.
Will You Need to Handle a DSAR?
You may never have gotten a data subject access request at your business yet. But it's wise to be prepared for the day when the first one comes in.
That preparation includes getting organized and creating a system to track user data. You can use a combination of automation and human creativity to build a system that will work well.
However, don't let your innovation stop there. Check out our Tech & Innovation section for more ideas to make your business prepared, streamlined, and cutting-edge, now and in the future!
