What is a data subject access request (DSAR)?

A data subject access request (DSAR) is fundamentally a request made by an individual to obtain a copy of their personal data that is being held by an organization. This right is a key component of various data protection regulations, such as the General Data Protection Regulation (GDPR), which grants individuals the ability to understand what personal data is processed about them, why it is processed, and who it is shared with. A DSAR empowers individuals by providing transparency and control over their personal information, fostering trust and accountability from organizations in their data handling practices.

In contrast, the other options provide scenarios that do not accurately define a DSAR. For instance, a request to limit processing involves different legal concepts, such as data minimization or restrictions under specific circumstances but does not entail access rights to personal data. A request from authorities to audit a company’s practices relates more to compliance checks rather than individual access to personal data. Additionally, requests for organizations to share data with third parties pertain to data sharing policies and agreements, which fall outside the scope of individuals seeking access to their own information.