What Exactly Is a DSAR: Most companies have data on customers, employees, products and other areas that are valuable to the company. However, there may be times when a person wishes to access this data. This is called a DSAR (Data Subject Access Request.) What is a data subject access request? Read on to find out!
What Is a DSAR and What Does It Stand For?
DSAR stands for Data Subject Access Request. A DSAR is a written request made by an individual, asking for confirmation that their personal data is being processed by an organization, as well as for a copy of this data. It also allows individuals to request that their data be erased or destroyed, if they so wish.
What Are the Rights of the Data Subject?
Under GDPR, all data subjects have the right to access their personal data, as well as the right to have this data erased or destroyed. They also may object to its processing, and the right to data portability.
What Are the Obligations of the Organization?
Under GDPR, organizations must respond to DSARs within one month, unless the request is complex or there are a large number of requests. Organizations must also provide data subjects with a clear and concise explanation of their rights, as well as what personal data is being processed and why.
Types of Data That Can Be Requested Through a DSAR
The data that can be requested through a DSAR includes names, addresses, contact details, email addresses, IP addresses, national insurance numbers, financial information, and photos. A DSAR does not have to include all of this information, but can be tailored to the specific data that the individual is requesting.
Who Can Make a DSAR?
Any individual who has their personal data processed by an organization can make a DSAR. This includes customers of the organization, employees of the organization, and individuals who are not customers or employees of the organization.
How to Make a DSAR?
Making a DSAR is simple. One simply needs to write a letter or email to the organization asking for their personal data. The letter or email should include the individual’s name, address, and contact details.
What Happens After a DSAR Is Made?
After a DSAR is made, the organization has one month to respond to the individual. The response should include confirmation that the organization is processing the individual’s personal data, as well as a copy of this data. If the organization does not respond to the DSAR within one month, the individual can make a complaint to the Information Commissioner’s Office (ICO).
How to File a Complaint With the ICO?
The ICO can be contacted by phone, email, or post. The contact details for the ICO are as follows:
- Information Commissioner’s Office
- Wycliffe House
- Water Lane
- Wilmslow
- Cheshire
- SK9 5AF
- Telephone: 0303 123 1113
- Email: casework@ico.org.
What Are the Consequences of Not Responding to a DSAR?
If an organization does not respond to a DSAR within one month, the individual can make a complaint to the ICO. The ICO may then issue a notice to the organization requiring it to respond to the DSAR. If the organization still does not respond, the ICO may take enforcement action against the organization. This could include issuing a fine.
The Benefits of Making a DSAR
There are several benefits of making a DSAR. These include the following:
- The individual can find out what personal data the organization is processing about them.
- The individual can find out how the organization is using their personal data.
- The individual can find out who the organization has shared their personal data with.
- The individual can find out how long the organization intends to keep their personal data.
- The individual can ask the organization to correct any inaccurate or incomplete information about them.
- The individual can ask the organization to stop processing their personal data.
- The individual can withdraw their consent to the organization processing their personal data.
Conclusion
A DSAR is a powerful tool that allows individuals to access the personal data that organizations hold about them. It also allows individuals to object to the processing of their personal data, and to ask for it to be erased or destroyed. Organizations must respond to DSARs within one month, unless the request is complex or there are a large number of records involved. If an organization does not respond to a DSAR, the individual can make a complaint to the ICO.
Also Read – Jerry Dias Union Leader (March) Checkout Here!
