In this chapter, we will discuss Data Subject Access Requests (DSARs). As privacy laws like GDPR and CCPA become more entrenched in the public consciousness, leaders at all kinds of companies are seeing DSARs land on their desk, and they need to respond to them. Unless they are able to do so accurately and expediently, they risk reputational harm and possible fines. This chapter will help such leaders in three ways.
First, we will look at the DSAR workload and assess how companies are faring in the face of customer requests. This will help leaders and their executive supervisors make informed decisions around data governance, resourcing, training, and outreach. This part of the chapter is geared to a wide range of stakeholders.
Second, we will look at backend data and how those responsible for storing and extracting data to support DSARs can make decisions about architecture. These decisions are critical in both manual and automated fulfillment of DSARs. This section is geared more toward engineers but it could also be instructive for attorneys, since they need to understand the tradeoffs involved in various approaches to fulfilling DSARs.