Platform
Automate Data Subject Access Requests
Build customer trust, improve efficiencies and save costs with Cassie’s Data Subject Access Request (DSAR) module. Book a demo now to see why large organizations trust Cassie to seamlessly fulfill their customer’s data access and removal requests as mandated by global privacy regulations.
Our DSARs module delivers:
Centralized requests
One central platform for managing all Data Subject Access Requests, no matter where the data subject is located
Secured information
Only accessible via secure links and access codes, allowing for full management control
Clear communications
Real-time notifications for clear communications on the request both internally and externally
Consumer transparency
Data subjects can track the progress of their requests for complete transparency
Fully auditable
Users are given unique IDs for full trackability of what information has been added to the request
Enhanced reporting
An interactive dashboard for full business reporting on requests per region and status
Streamline DSAR response times and improve customer trust
Cassie’s DSAR module allows businesses to automate their DSAR process, eliminating repetitive manual tasks and reducing the risk of human error – saving time and improving the customer experience.
Simplify the request intake and fulfillment processes by providing an easy-to-use centralized system from which you can manage all data access and privacy requests in one place.
What fundamental data privacy rights do your customers have?
Data Subject Access Requests (DSARs) are requests from individuals to access, delete or update the personal data held by businesses about them. DSARs must be responded to promptly and accurately per applicable data privacy regulations, such as GDPR or CCPA, which stipulate data retention policies and maximum response times for requests.
Our DSARs module enables you to execute these 7 steps when processing a request:
1. Gather the data subject’s information
Enter Personally Identifiable Information (PII) such as name; email address and telephone number.
2. Verify the information
Verify the data subject’s information is correct and up to date.
3. Await confirmation from the data subject
The data subject will then confirm their identity.
4. Transfer the request to the respective departments
Ask each department (i.e. HR, Accounts, Sales and Marketing) to action the request.
5. Wait on a response from the departments
Each department should respond within an agreed-limited timeframe.
6. Return to the data subject’s information
Finalise the DSAR details and send an automated email to the data subject.
7. Request completed
The data subject will be notified with an email that their request has been completed.
Combine the Cassie CMP with our DSARs module for greater organizational efficiency and transparency
- Requests can be made through landing page forms or Cassie’s Public Portal and all requests are centrally logged in the DSARs Portal
- DSARs can be attributed to the data subject’s record within Cassie, providing a central full view of all information, requests and changes
- Personal information held on the data subject who has made the DSARs can be verified within Cassie and automatically placed into the DSARs platform for processing.
You might also like to read
DSARs FAQs
-
Who can submit a DSAR and do you have to respond?
- Any individual whose personal data has been collected and stored by a company may submit a DSAR. This includes customers or users of online services, such as those who shop at an e-commerce site or use another type of online service. However, DSAR requests are not limited to consumers; companies must be prepared to receive and respond to DSARs from any data subject. DSARs are an important part of data privacy law compliance. Organizations should respond to such requests within a certain timeframe, and take action according to the relevant regulations in place.
-
What fundamental data privacy rights do your customers have?
-
- The right of access Data subjects have the right to discover what personal data a company holds on them, as well as receive an exact copy of that information.
- The right of deletion Data subjects have the right to request that their personal information be removed from a company’s records.
- The right of rectification Data subjects have the right to request corrections to any incomplete or inaccurate data related to them.
- The right of portability Data subjects have the right to receive a copy of their personal data in an easily transferable format from any company they’ve provided it to and can then transmit this information directly to a third party.
- The right to opt out Data subjects have the right to withdraw their consent for the processing of their personal information, such as requesting that their personal data not be sold.
- The right to opt in An organization can only collect and use a consumer's data if they have obtained the consumer's clear permission to do so.
-
-
What are the Data Subject Access Request Rules under GDPR?
- Under the guidelines of GDPR, as a business, you will have 30 days to respond to a data subject access request. Although there is an option to extend this period an extra 30 days, should a customer call requesting access to their data, you will need to provide it.
-
Can a DSAR request be ignored?
- Should a customer’s request to access their data fail to be met within 30 days (or the extension of another 30 days) this can lead to a court order in which the court will decide as to whether you will be required to comply.
-
What are the differences between DSAR and DSR?
- People often get confused between Data Subject Rights (DSR) and Data Subject Access Rights (DSAR). This is most likely because both refer to a customer’s desire to obtain access to the personal data that is being stored. Both DSAR and DSR refer to this, however, a DSR is an umbrella term to include the request of the customers to not only access their data but to modify or delete personal information.