Introduction

Most privacy regulations provide a data subject with certain rights pertaining to their data such as a right to access or to request deletion of their data. Collectively, these rights are known as Data Subject Access Requests (DSAR) and it is an important facet of privacy laws such as the General Data Protection Regulation (GDPR) and the Consumer Privacy Rights Act (CPRA) in California.

A data subject's rights correspond to the rights granted to them by the state or country has passed a data privacy law. Data subjects must typically take some action, such as submitting a privacy request, to exercise their data rights.

Any data subject (that is, anyone whose personal data your company has collected and stored) may submit a DSAR, so long as they are protected by an applicable regulation. Generally, data subjects are customers or end-users, such as e-commerce clients, but can also include employees, former employees, contractors, suppliers, sales prospects, etc…

Some of the key rights granted to data subjects via privacy laws include:

• The right of access (or right to know): The right for a data subject to find out what personal data a company holds on them and to receive a copy of the data held.

• The right of deletion: The right for a data subject to erase the personal information that a company has collected from them.

• The right to opt-out: The right for a data subject to withdraw their consent to the processing of their personal information (e.g., a request to “do not sell” my personal data).

Didomi offers the Privacy request feature to enable your organization to collect and manage end-user DSARs.