Data Subject Access Request
A formal request from an individual to access, correct, or delete their personal data held by an organization.
What Data Subject Access Request means
A Data Subject Access Request (DSAR) is a formal request by an individual exercising their rights under GDPR (or similar laws like CCPA) to access, rectify, erase, restrict processing of, or port their personal data. Organizations typically have 30 days (GDPR) or 45 days (CCPA) to respond. For advertising organizations, DSARs can require providing information about what personal data is used for ad targeting, what data has been shared with ad platforms, and how data was collected. Fulfilling DSARs requires having robust data inventory and mapping systems. The advertising data ecosystem's complexity — spanning multiple platforms, pixels, and data partners — makes DSAR compliance particularly challenging. Non-compliance can result in regulatory complaints and fines.
Related terms
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
CCPA
The California Consumer Privacy Act — a US state law giving California residents rights over their personal data, including the right to opt out of data sale.
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
Privacy Policy
A legally required document disclosing how an organization collects, uses, shares, and protects personal data.