Data Subject Access Request is permission granted to a company holding information about a client, allowing them to use the client’s information. This process is sensitive, hence should be well documented, and a client well informed on the whole process of DSAR. Expand your knowledge through the DSAR request by Ethyca.
The 5 steps involved in processing a DSAR
Recognition of DSAR
The company holding information about a client starts by recognizing the willingness of a client to disclose their personal data. This is followed by documenting the request to publicly display their data and tracking the date and evidence showing the client request on a logbook.
Acknowledgment receipt
The company is then required to respond to the client acknowledging that the request has been received. This part is important as the company has to validate that the client is the owner of the information. The validation process entails recognizing the message and permission is from the client.
Collection of records
Here, the company is required to collect all the information they have about the client within 30 days. This entails all the information, whether digital or physical. If the information is really bulky, then 90 days is given to the company in charge.
Response review
The company should ensure all the documents and information requested are in line and are correct. Note that it could be a fraud if the company does not provide all the information requested by the requestor.
Share the response with the requestor
This is the final part where the requestor is provided with all the information needed. Also, here the requestor has the right to make any inquiries in case he doubts the information provided.
Types of Requests Received via DSAR
Contact information
This entails their personal information such as contact number, email address, and name. Did you know that some people take their data so seriously that they secure it with companies such as Ethyca? This information cannot be shared with anyone else unless DSAR is granted.
Deleting information
The client could request his information to be deleted from the company records. If such a request is done, the company has no right to retrieve the information or share it with anyone else.
Sharing information
A client could request a company to share his or her information with a requestor. As discussed above, those are the steps involved in processing a DSAR.
Data Subjects can add any context to their request
Some clients ask companies to add some data to the original data provided. This process also entails the above-mentioned procedure.
Some factors could lead to requests by the client to change the information provided by adding context. Such include, change of location, adoption of children, changes in work information, or change in marital status.
In conclusion, companies value the data or information entrusted to them by their clients, and most would not risk sharing or editing the information provided unless a DSAR consent is agreed upon.