Build customer trust, improve efficiencies and save costs with Cassie’s Data Subject Access Request (DSAR) module. Book a demo now to see why large organizations trust Cassie to seamlessly fulfill their customer’s data access and removal requests as mandated by global privacy regulations.
One central platform for managing all Data Subject Access Requests, no matter where the data subject is located
Only accessible via secure links and access codes, allowing for full management control
Real-time notifications for clear communications on the request both internally and externally
Data subjects can track the progress of their requests for complete transparency
Users are given unique IDs for full trackability of what information has been added to the request
An interactive dashboard for full business reporting on requests per region and status
Streamline DSAR response times and improve customer trust
Cassie’s DSAR module allows businesses to automate their DSAR process, eliminating repetitive manual tasks and reducing the risk of human error – saving time and improving the customer experience.
Simplify the request intake and fulfillment processes by providing an easy-to-use centralized system from which you can manage all data access and privacy requests in one place.
What fundamental data privacy rights do your customers have?
Data Subject Access Requests (DSARs) are requests from individuals to access, delete or update the personal data held by businesses about them. DSARs must be responded to promptly and accurately per applicable data privacy regulations, such as GDPR or CCPA, which stipulate data retention policies and maximum response times for requests.
Any individual whose personal data has been collected and stored by a company may submit a DSAR. This includes customers or users of online services, such as those who shop at an e-commerce site or use another type of online service. However, DSAR requests are not limited to consumers; companies must be prepared to receive and respond to DSARs from any data subject.
DSARs are an important part of data privacy law compliance. Organizations should respond to such requests within a certain timeframe, and take action according to the relevant regulations in place.
The right of access
Data subjects have the right to discover what personal data a company holds on them, as well as receive an exact copy of that information.
The right of deletion
Data subjects have the right to request that their personal information be removed from a company’s records.
The right of rectification
Data subjects have the right to request corrections to any incomplete or inaccurate data related to them.
The right of portability
Data subjects have the right to receive a copy of their personal data in an easily transferable format from any company they’ve provided it to and can then transmit this information directly to a third party.
The right to opt out
Data subjects have the right to withdraw their consent for the processing of their personal information, such as requesting that their personal data not be sold.
The right to opt in An organization can only collect and use a consumer's data if they have obtained the consumer's clear permission to do so.
Under the guidelines of GDPR, as a business, you will have 30 days to respond to a data subject access request. Although there is an option to extend this period an extra 30 days, should a customer call requesting access to their data, you will need to provide it.
Should a customer’s request to access their data fail to be met within 30 days (or the extension of another 30 days) this can lead to a court order in which the court will decide as to whether you will be required to comply.
People often get confused between Data Subject Rights (DSR) and Data Subject Access Rights (DSAR). This is most likely because both refer to a customer’s desire to obtain access to the personal data that is being stored. Both DSAR and DSR refer to this, however, a DSR is an umbrella term to include the request of the customers to not only access their data but to modify or delete personal information.
Opens in a new windowOpens an external siteOpens an external site in a new window