Data Subject Access Requests (DSARs): What You Need to Know


When it comes to cookie consent and data privacy laws, Data Subject Access Requests (DSARs) play a big part in keeping your business compliant  

Any individual can submit a DSAR to see where their information is going, has gone, where it was stored, and why. Where the user is located definitely counts. For instance, an end user in Virginia will have lawful rights to receive that information whereas someone in Ohio would not. Whew!  

 

Laws like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA) all give residents of those regions the right to get that information in a timely fashion – typically about thirty to forty days.


If a business does not comply with this, they could be fined or risk their reputation. Many small businesses think they are immune to these laws simply because they do not get many DSARs. That could not be further from the truth. Even one DSAR that gets lost in the shuffle could cost $7,500 at the least.  

 

Reasons for a DSAR  


You probably don’t know why someone is submitting a DSAR. It could be because their name changed due to marriage, and they want to ensure all the information is accurate. It could be that they are getting targeted ads on social media. Or, it could be that they are simply curious about what information has been submitted and where it’s gone.  

 

In your response, you can ask questions like:  

 

  • Why did you submit this DSAR? 

  • Would you like to correct information?  

  • Would you like to delete information?   

  • Have you seen ads you don’t like on social media?  

  • Has your information changed since the last time you filled out a form here? 

  • Did a shop or store ask you a question about something you don’t feel comfortable answering?   

 

This will help you narrow down exactly what you need to provide. It will also help you in the future if your business is audited. Creating a digital trail of exactly what your end users asked for, why, and when you submitted it is key.  

 

Things to Know About Cookie Consent  


A cookie consent banner sets the stage for a DSARGood consent banners will give end users three options. Accept all cookies, decline all cookies, and manage preferences for cookies. This is where the DSAR comes in. If users want to manage their cookies, they will also be able to request information from you.  

 

A DSAR solution is the second step in becoming globally compliant with data privacy laws worldwide. That’s right – worldwide! Many of these laws are very similar, so they have the same requirements. You need to ask for user consent, then be able to deliver the information to the user if they request it.  

 

DSARs: The Lowdown  

 

  1. A user requests information  

  1. You verify what and why the user is requesting – so you can deliver the answer as efficiently as possible  

  1. Record the request and the response in case a lawmaker asks you about it later  

  1. Only keep the records for the minimum amount of time needed 

  1. Have a disposal method for the information you can no longer store  

 

One of the most important parts of these steps is that you take DSARs seriously, respond to them, and do not keep customer information for longer than you absolutely need to. Remember that even end user request as they fill out the form counts as information.  

 

Anything that an end user enters on your website has to be carefully guarded and managed according to the law.  

 

Adzapier is on the way!  

 

Adzapier has a number of different tools. Cookie Consent Management is the first thing, of course! However, even if you have a different cookie consent tool set up, you can use our DSAR Management tool. This will help you keep track of when requests are submitted and how you need to respond, when, and why.  

 

Many businesses are getting fined for non-compliance. It’s not just big businesses, either. In any case, the loss of your good reputation can be a big hit when someone complains that they didn’t receive a DSAR response within a timely fashion.  

 

Our data privacy experts understand the ins and outs. They can get you set up within a few minutes! You won’t have to worry about fines, damaging claims on your reputation, or data that got lost. It happens… we’ve all been there! Plus, we’ll also give you a cookie banner for 14 days. That’s right – you don’t have to pay a dime for this! Figure out if it’s right for your business and go from there. We’re always available to help.  

 

Schedule a Demo  

 

Location: United States

Comments

Post a Comment

Popular posts from this blog

Saudi Arabia’s Personal Data Protection Law: An Overview

Image
The Saudi Arabia ’s Personal Data Protection Law (PDPL) is the first data privacy law that was enacted by the Saudi Arabian government. The law was designed to protect the privacy of personal data of individuals that is collected, processed, and stored by businesses operating in Saudi Arabia.    But that’s not it ! The PDPL also applies to any person or business that collects or processes personal data in Saudi Arabia, regardless of whether they are based in the country or not. The law applies to all types of personal data, including data that is collected online and offline.       If this sounds a lot like the General Data Protection Regulation (GDPR), you’re absolutely right . The GDPR has set the standards for many data privacy laws around the world, including Brazil’s LGPD, California’s CCPA, and Virginia’s VCDPA. And now, it’s PDPL too . There are a few differences, though.      Personal data is defined under the PDPL as any informa...
Read more

Fintech: Consent Management in Open Banking

Image
For third-party financial service companies regulated by legal entities to access customers' bank transaction history securely, open banking requires their permission. Consumers can now use digital payments more easily thanks to the available banking model, which enables banks and other third parties to turn information into personalized financial advice or recommendations, such as recommending a savings account to maximize interest rates or making offers based on a customer's specific credit score.       According to research, 51% of Americans are optimistic about the future of open banking . However, they still need to figure out how third parties gather their data and what information they genuinely want to give. According to 2019 research, 73% of consumers were concerned about how brands utilized their data , making consent management and compliance in open banking a hot topic.       Financial institutions (FIs) and other Fintech startups must keep up w...
Read more

Is a Cookie Consent Banner Required for My Website in the United States?

Image
Ah, cookie consent banners. They’re a hot topic around the world right now. As fines continue to stack up from the E.U.’s General Data Protection Website Regulation (GDPR), to the California Consumer Protection Act (CCPA), many business owners are wondering: “Is a cookie consent banner a requirement in the United States?”     It certainly seems like. But then, taking a look at the law, it doesn’t seem like there’s anything that explicitly states a business must have a cookie banner in the United States.      Ah-ha! But that’s simply not true.      There is officially no federal law stating that your business must have a cookie banner. But state laws like the CCPA and the Virginia Consumer Data Protection Act (VCDPA) say that businesses must provide notice, collect consent, maintain records, and allow end users to manage their preferences easily. And while they may not say “cookie banner” explicitly, that’s exactly what a cookie banner ...
Read more