Data Subject Access Request


Privacy regulations provide a right for individuals to make Data Subject Access Requests (DSAR) to an organization to access or correct or delete personal data the organization is processing about them. Individuals also have the right to know and obtain information about the purposes of personal data processing. DSARs can be submitted in different ways including over the web, in writing or verbally over the phone. 









Types of data subject access requests includes:

  • Limit/Restrict/Opt-Out: Requests to restrict sharing of individual’s information with affiliates and partners or limit the use of their personal data

  • Summarized Categories: Requests for summarized categories of information an organization has about individuals

  • Copy of Information: Request for copy of all information organization has about the individual

  • Update/Change/Collect Information: Request to change/update information about the individual particularly if it is inaccurate

  • Delete Data: Request to permanently erase or delete an individual’s personal data



Automation of DSAR 

Automation of response to DSARs improves efficiency and enables timely responses to all requests. Automation can be especially important if the Organization has limited resources supporting Privacy. Meru Data can quickly create and automate workflows within your organization for processing DSARs. 
Our workflows use automated APIs that can collect or delete necessary personal data from many systems. The workflows also can assign specific tasks that need to be handled manually to individuals and third-parties. Responses to certain questions can trigger additional workflows or alert process owners of potential issues ahead of time.


Validate and Acknowledge Request

Meru Data’s automated DSAR workflow consists of four key steps and includes notifications and alerts to internal stakeholders during the process. 

DataMap and DSAR 
For organizations to be able to respond to DSARs, they will need to discover and categorize all the systems where personal data is processed or stored. This data is often stored across different systems within an organization, in the cloud and also with external vendors and partners. A current and comprehensive DataMap will help to streamline this process. 

CCPA Toll Free Numbers
The California Consumer Privacy Act (CCPA) requires that businesses help consumers exercise their CCPA rights by providing two "designated methods for submitting a request." With some exceptions, businesses must provide a toll-free telephone number as one of the designated methods for submitting a request. 
Our DSAR solutions allows Organizations to add a toll-free number for individuals to submit DSARs. Our solution include: 
•    A dedicated toll-free number that can be included in the Organization’s privacy portal
•    Customizable audio messages 
•    Submit DSARs over the phone
•    Automated workflows to track and respond to phone requests
Requests placed through the toll-free number will appear in the same queue and will be processed along with the requests made through a web portal.  


DSAR Final 01.png