Data Subject Access Request
A formal request from an individual to obtain a copy of all personal data an organization holds about them.
A Data Subject Access Request (DSAR or SAR) is a request made by an individual under GDPR Article 15 to access the personal data an organization holds about them. Upon receiving a valid DSAR, the organization must confirm whether it processes the person’s data, provide a copy of that data in a commonly used electronic format, and supply supplementary information including the processing purposes, categories of data, recipients, retention periods, and information about the data subject’s rights.
Organizations must respond to DSARs within one month, extendable by up to two additional months for complex or numerous requests. The first copy must be provided free of charge, though reasonable fees may be charged for subsequent copies or for manifestly unfounded or excessive requests. The main challenge with DSARs is locating all relevant personal data across multiple systems: CRM databases, email archives, analytics platforms, backup systems, and third-party processors must all be searched. A well-organized data inventory and clear internal procedures are essential for timely compliance.