Back to all glossary articles

Data subject access request

A data subject access request (DSAR) is a request submitted by an individual (data subject) to an organization to acquire the information collected and stored about them to verify the lawfulness of the processing.

A data subject can also ask for specific actions to be taken with regard to that data. For instance, they may request the deletion or correction of information, receive information on the data safeguards provided by the organization or opt out of future data collection.

Data subject access requests are a part of the data subject rights provided by the EU’s GDPR, California’s CCPA and many other privacy laws around the world.

DSARs give consumers unprecedented control over the personal information that organizations store. An organization served with a DSAR is legally obligated to fulfill these requests within a limited timeframe to avoid non-compliance.

  • HIPAA-compliant analytics for healthcare systems: How hospital marketing teams can measure what matters

    Patients now research symptoms, compare providers, and book appointments entirely online before ever contacting a hospital. Healthcare marketers need to adapt to digital-first patient journeys, run campaigns for numerous service lines, manage hospital marketing analytics across multiple locations, and prove ROI to administrators. For nonprofit hospitals, the picture is broader still — donation tracking is…

  • Privacy by design in practice: How “just enough” data beats “just in case” collection

    While collecting more data “just in case” feels safer, according to Matt Gershoff, it’s also one of the biggest sources of unnecessary compliance risk, analytical noise, and wasted organizational resources in the analytics industry today. His approach of “just enough” data collection is more intentional, more aligned with privacy regulation, and often more analytically effective.

Other definitions

Recent posts from Piwik PRO blog