MeruData Infographics Post (6)_edited.png
Image by Markus Spiske


Privacy regulations provide the right for individuals to make Data Subject Access Requests (DSAR) to an organization to access, correct or delete their personal data being processed by the organization. Individuals also have the right to know and obtain information about the purposes of personal data processing. DSARs can be submitted in different ways, including over the web, in writing, or verbally over the phone.

Types of data subject access requests include: 

  • Limit/Restrict/Opt-Out: Requests to restrict sharing of individual’s information with affiliates and partners or limit the use of their personal data  

  • Summarized Categories: Requests for summarized categories of information an organization has about individuals  

  • Copy of Information: Request for copy of all information organization has about the individual  

  • Update/Change/Collect Information: Request to change/update information about the individual, particularly if it is inaccurate  

  • Delete Data: Request to permanently erase or delete an individual’s personal data 

Companies collect personal data and store them in many places across data centers.  To process these requests, it’s essential to first account for all the data belonging to each person. This means being able to identify all data stores and applications, identify what data is personal, to whom it belongs, etc. Fulfilling these subject access requests at scale can be a challenging task for many companies. 

Automation of DSAR  

Automation of response to DSARs improves efficiency and enables timely responses to all requests. Automation can be especially important if the organization has limited resources supporting Privacy. Meru Data can quickly create and automate workflows within your organization for processing DSARs.

Built-in customizable workflows and automated APIs that can collect or delete necessary personal data from several systems. The workflows can also assign specific tasks that need to be handled manually or via API to individuals and third parties. Responses to certain questions can trigger additional workflows or alert process owners of potential issues ahead of time. 

Validate and Acknowledge Request :

Meru Data’s automated DSAR workflow consists of four key steps and includes notifications and alerts to internal stakeholders during the process.


Data Map and DSAR :

For organizations to be able to respond to DSARs, they will need to discover and categorize all the systems where personal data is processed or stored. This data is often stored across different systems within an organization, in the cloud, and also with external vendors and partners. A current and comprehensive Data Map will help to streamline this process. 


As more jurisdictions introduce privacy regulations that stipulate data rights for individuals, corporations will be facing the reality that they will need to build automation for managing DSAR activities that's more than just a form for taking requests. Automating DSARs at scale will require a detailed Data Map and DSAR's will have to be fully integrated into the Data Map for maximum impact.

DSAR Chart.png


Automate collection, response, review, ticketing, assignment of requests using workflows


Automate reporting, alerts and dashboards withing the platform.


Automate validation of requests through predefined templates and with API's


Securely communicate with your customers and your vendors 

CCPA Toll-Free Numbers : Our DSAR solutions allow Organizations to add a toll-free number for individuals to submit DSARs. The California Consumer Privacy Act (CCPA) requires that businesses help consumers exercise their CCPA rights by providing two "designated methods for submitting a request." With some exceptions, businesses must provide a toll-free telephone number as one of the designated methods for submitting a request.

•    A dedicated toll-free number that can be included in the Organization’s privacy portal 

•    Customizable audio messages  

•    Submission of DSARs over the phone 

•    Automated workflows to track and respond to phone requests


Requests placed through the toll-free number will appear in the same queue and will be processed along with the requests made through a web portal.