Download the Gartner Market Guide for Consent and Preference Management
Access now
Skip to content

Platform

Automate Data Subject Access Requests

Build customer trust, improve efficiencies and save costs with Cassie’s Data Subject Access Request (DSAR) module. Book a demo now to see why large organizations trust Cassie to seamlessly fulfill their customer’s data access and removal requests as mandated by global privacy regulations.

Book a demo
Data Subject Access Request

Our DSARs module delivers:

Centralized requests

One central platform for managing all Data Subject Access Requests, no matter where the data subject is located

Secured information

Only accessible via secure links and access codes, allowing for full management control

Clear communications

Real-time notifications for clear communications on the request both internally and externally

Consumer transparency

Data subjects can track the progress of their requests for complete transparency

Fully auditable

Users are given unique IDs for full trackability of what information has been added to the request

Enhanced reporting

An interactive dashboard for full business reporting on requests per region and status

DSARs - Enable your customers to exercise their right to privacy

Streamline DSAR response times and improve customer trust

Cassie’s DSAR module allows businesses to automate their DSAR process, eliminating repetitive manual tasks and reducing the risk of human error – saving time and improving the customer experience.

Simplify the request intake and fulfillment processes by providing an easy-to-use centralized system from which you can manage all data access and privacy requests in one place.

 

 

DSARs guide

What fundamental data privacy rights do your customers have?

Data Subject Access Requests (DSARs) are requests from individuals to access, delete or update the personal data held by businesses about them. DSARs must be responded to promptly and accurately per applicable data privacy regulations, such as GDPR or CCPA, which stipulate data retention policies and maximum response times for requests.

Download our DSARs guide

“By 2026, fines due to mismanagement of subject rights will have increased tenfold from 2022, to over $1 billion.”

Market Guide for Subject Rights Request Automation Gartner 2023

Our DSARs module enables you to execute these 7 steps when processing a request:

Gather the data subject’s information

1. Gather the data subject’s information

Enter Personally Identifiable Information (PII) such as name; email address and telephone number.

Verify the information

2. Verify the information

Verify the data subject’s information is correct and up to date.

Await confirmation from the data subject

3. Await confirmation from the data subject

The data subject will then confirm their identity.

Transfer the request to the respective departments

4. Transfer the request to the respective departments

Ask each department (i.e. HR, Accounts, Sales and Marketing) to action the request.

Wait on a response from the departments

5. Wait on a response from the departments

Each department should respond within an agreed-limited timeframe.

Return to the data subject’s information

6. Return to the data subject’s information

Finalise the DSAR details and send an automated email to the data subject.

Wait on a response from the departments

7. Request completed

The data subject will be notified with an email that their request has been completed.

Combine Cassie with our DSARs module for greater organisational efficiency and transparency

Combine the Cassie CMP with our DSARs module for greater organizational efficiency and transparency

  • Requests can be made through landing page forms or Cassie’s Public Portal and all requests are centrally logged in the DSARs Portal
  • DSARs can be attributed to the data subject’s record within Cassie, providing a central full view of all information, requests and changes
  • Personal information held on the data subject who has made the DSARs can be verified within Cassie and automatically placed into the DSARs platform for processing.

 

 

You might also like to read

 

DSARs compliance: A business advantage

DSARs compliance: A business advantage

DSARs compliance: A business advantage

Understand why DSARs are crucial for personal data accountability, how to ensure legal compliance, and build customer trust by prioritizing DSARs.

Read blog
Data myths and misconceptions report

Data myths and misconceptions research report

Data myths and misconceptions research report

This report explores consumers' views on data privacy & security, exploring factors that shape their behavior & decisions about protecting their data.

Read research report

DSARs FAQs

 

  • Who can submit a DSAR and do you have to respond?
    • Any individual whose personal data has been collected and stored by a company may submit a DSAR. This includes customers or users of online services, such as those who shop at an e-commerce site or use another type of online service. However, DSAR requests are not limited to consumers; companies must be prepared to receive and respond to DSARs from any data subject. DSARs are an important part of data privacy law compliance. Organizations should respond to such requests within a certain timeframe, and take action according to the relevant regulations in place.
  • What fundamental data privacy rights do your customers have?
      • The right of access Data subjects have the right to discover what personal data a company holds on them, as well as receive an exact copy of that information.
      • The right of deletion Data subjects have the right to request that their personal information be removed from a company’s records.
      • The right of rectification Data subjects have the right to request corrections to any incomplete or inaccurate data related to them.
      • The right of portability Data subjects have the right to receive a copy of their personal data in an easily transferable format from any company they’ve provided it to and can then transmit this information directly to a third party.
      • The right to opt out Data subjects have the right to withdraw their consent for the processing of their personal information, such as requesting that their personal data not be sold.
      • The right to opt in An organization can only collect and use a consumer's data if they have obtained the consumer's clear permission to do so.
  • What are the Data Subject Access Request Rules under GDPR?
    • Under the guidelines of GDPR, as a business, you will have 30 days to respond to a data subject access request. Although there is an option to extend this period an extra 30 days, should a customer call requesting access to their data, you will need to provide it.
  • Can a DSAR request be ignored?
    • Should a customer’s request to access their data fail to be met within 30 days (or the extension of another 30 days) this can lead to a court order in which the court will decide as to whether you will be required to comply.
  • What are the differences between DSAR and DSR?
    • People often get confused between Data Subject Rights (DSR) and Data Subject Access Rights (DSAR). This is most likely because both refer to a customer’s desire to obtain access to the personal data that is being stored. Both DSAR and DSR refer to this, however, a DSR is an umbrella term to include the request of the customers to not only access their data but to modify or delete personal information.