Image by Markus Spiske


Privacy regulations provide the right for individuals to make Data Subject Access Requests (DSAR) to an organization to access, correct or delete their personal data being processed by the organization. Individuals also have the right to know and obtain information about the purposes of personal data processing. DSARs can be submitted in different ways, including over the web, in writing, or verbally over the phone.

Types of data subject access requests include: 

  • Limit/Restrict/Opt-Out: Requests to restrict sharing of individual’s information with affiliates and partners or limit the use of their personal data  

  • Summarized Categories: Requests for summarized categories of information an organization has about individuals  

  • Copy of Information: Request for copy of all information organization has about the individual  

  • Update/Change/Collect Information: Request to change/update information about the individual, particularly if it is inaccurate  

  • Delete Data: Request to permanently erase or delete an individual’s personal data 

Automation of DSAR  

Automation of response to DSARs improves efficiency and enables timely responses to all requests. Automation can be especially important if the organization has limited resources supporting Privacy. Meru Data can quickly create and automate workflows within your organization for processing DSARs.

Our workflows use automated APIs that can collect or delete necessary personal data from several systems. The workflows can also assign specific tasks that need to be handled manually to individuals and third-parties. Responses to certain questions can trigger additional workflows or alert process owners of potential issues ahead of time. 

Validate and Acknowledge Request :

Meru Data’s automated DSAR workflow consists of four key steps and includes notifications and alerts to internal stakeholders during the process.


Data Map and DSAR :

For organizations to be able to respond to DSARs, they will need to discover and categorize all the systems where personal data is processed or stored. This data is often stored across different systems within an organization, in the cloud, and also with external vendors and partners. A current and comprehensive Data Map will help to streamline this process. 

CCPA Toll Free Numbers :

The California Consumer Privacy Act (CCPA) requires that businesses help consumers exercise their CCPA rights by providing two "designated methods for submitting a request." With some exceptions, businesses must provide a toll-free telephone number as one of the designated methods for submitting a request.

Our DSAR solutions allows Organizations to add a toll-free number for individuals to submit DSARs. These include:  

•    A dedicated toll-free number that can be included in the Organization’s privacy portal 

•    Customizable audio messages  

•    Submission of DSARs over the phone 

•    Automated workflows to track and respond to phone requests


Requests placed through the toll-free number will appear in the same queue and will be processed along with the requests made through a web portal.