← Glossary·Privacy

Data Subject Rights (DSAR)

GDPRCCPA

Rights granted to individuals over their personal data — access, rectification, erasure, portability, restriction, objection.

Data Subject Access Requests (DSARs) and related rights include access (Art. 15), rectification (16), erasure / right to be forgotten (17), restriction (18), portability (20), and objection (21). Equivalent CCPA rights are access, deletion, correction, opt-out of sale/sharing, and limit use of SPI.

Why it matters
GDPR allows one calendar month (extendable +2 months) to respond. Failing to honour a DSAR is a high-likelihood regulator referral path.

Related terms

Data Subject
The identified or identifiable natural person to whom personal data relates (GDPR Art. 4(1)).
Personal Data (GDPR)
Any information relating to an identified or identifiable natural person (data subject) — Art. 4(1).
CCPA / CPRA
California's omnibus consumer privacy law, expanded by CPRA; enforced by the CPPA.

Does your program actually cover Data Subject Rights (DSAR)?

Run a free ComplianceIQ audit against GDPR and we'll surface every gap on this — and the other controls auditors flag — with the exact clause references to fix.

Free GDPR auditBack to glossary