guide

DSAR Processing

Check out the full Data Subject Access Rights Readiness Curriculum

For more on this topic, take the Course: Processing DSARs

2 min read

Share this doc:

The volume of DSARs submitted by customers and employees continues to increase as expectations evolve alongside data privacy regulations.

Whether you are new to responding to DSARs, or you are expecting an increase in requests, answer the following questions to help you make sure that your team and app are ready to process DSARs in a way that makes efficient use of your time and your resources.

Do you provide multiple options for users to submit a DSAR?

Define a reasonable number of submission options that are easy for your users and technically feasible for your team
Design infrastructure that centralizes requests from each submission option

Do you limit the amount of DSARs your users can submit over a given time period?

Define a reasonable cadence based on your resources (e.g., once every 2 weeks)
Review all applicable legislation to ensure your timeframes are legally acceptable
Formalize and communicate your DSAR processing procedures

Is it easy and intuitive for your users to submit a DSAR?

List the channels currently available to users for submitting a DSAR
Identify any channels that are hidden, cumbersome, or confusing
Define alternate channels for submitting DSARs if necessary

Have you integrated multi-factor authentication (MFA) to your DSAR user identity verification checks?

Review and revise mechanisms for user identity verification to ensure you are enforcing MFA before allowing a user to submit a DSAR

Do you have an identity graph that maps user identities to create a single view of your user's activity and more efficiently handle DSARs?

Define the various login options users can leverage, such as different SSOs
Build an identity graph that links user identities with their corresponding data

Have you implemented a DSAR log that maintains a record of all details of each request?

Build a log that registers requests and all relevant details, the action you took, and how long it took you to respond
Enable security measures that make the log tamper-proof
Confirm you have the ability to report on DSAR metrics when requested, and minimally, each year

Are you prepared for exceptions — however few and far-between they may be?

Review all relevant legislation and make a list of acceptable exceptions
Define your process for managing and responding to exceptions
Publish disclaimers, outline essential information for users, and formalize user communication related to exceptions

Next Steps

Evaluate the checklist and take note of the questions you answered “no” to. Review the guidance, identify the necessary stakeholder(s), and work together to make a plan to address gaps or optimize your processes.

For more on this topic, take the Course:

1 Course

Processing DSARs

This course walks you through creating an efficient processing workflow that will enable scale.

Get Started

Share this doc:

Your privacy matters.

By clicking "Accept All", you are agreeing to Data Protocol's Cookie Policy.