Data Subject Requests (DSRs)
DSRs (also known as DSARs or even SARs, depending where in the world you are) are a core competence for any business wishing to be compliant with GDPR or the CCPA. They are a key piece of data privacy activity, and getting them right can pose a significant challenge for businesses of all kinds.
Most simply, a DSR is when a consumer requests access or modification to the data that a business holds on them. There are a few different types of DSRs, and the ones that businesses are required to process vary by region. Check out the table below for a quick primer:
Types of Data Subject Requests by Region
| Type of request | Details | Required by CCPA? | Required by GDPR? |
| Access request | A request to view the data the business holds on an individual. | ||
| Rectification request | A request to make a modification of the data a business holds on the individual | ||
| Erasure request | A request to scrub all the data a business holds on the individual | ||
| “Do Not Sell My Info” request | A request to exclude all data for a given individual from sale to third parties. |
Data Subject Requests form the core of a robust privacy operation for any business. But how do consumers feel about the value of this access? Do DSRs help them trust a business more? Below, you can check out Ethyca CEO Cillian Kieran and University of Zurich Marketing & Privacy Expert Anne Scherer in conversation about the role of DSRs in boosting consumer perception.