In short
A formal request from an individual exercising their right of access under GDPR (Article 15).
Organisations must respond within 30 days, providing a copy of all personal data held, the purposes of processing, any third parties it has been shared with, and the retention period.
Where it bites
DSAR (Data Subject Access Request) matters when a workflow touches personal data, accessibility law, or procurement risk. The cost is rarely the definition; it is the unowned process behind it.
What to check
- Which legal trigger applies?
- Where is the process documented?
- Who can prove the control works in production?
Common questions
What is DSAR (Data Subject Access Request)?
A formal request from an individual exercising their right of access under GDPR (Article 15).
Why does DSAR (Data Subject Access Request) matter?
DSAR (Data Subject Access Request) matters when a workflow touches personal data, accessibility law, or procurement risk. The cost is rarely the definition; it is the unowned process behind it.
What should you check first for DSAR (Data Subject Access Request)?
Which legal trigger applies? Where is the process documented? Who can prove the control works in production?