DSR (Data Subject Request)

Data Privacy, De-Mystified.

Welcome to the Ethyca Glossary.
Use it to find data laws like CCPA & GDPR, concepts, and activities explained simply.

A DSR is one of the most operationally significant aspects of user data privacy under new pieces of legislation like GDPR. Under GDPR any user (ie a civilian in the EU) has the right to formally request access, rectification, or erasure of the data that a company keeps on them. Access to that data must also be shared in a portable format; so for example, a clearly labeled spreadsheet. 

In plain terms, the basic challenge companies face with a DSR is, upon receiving a request, speedily access a comprehensive data record for a certain individual, provide it in a digestible format to the individual, and comply with individual requests to rectify or erase that data. This seemingly straightforward exercise can be a huge challenge for large companies with a disorganized network of data stores and third-party partners. Even the basic task of confidently producing an exhaustive data record can prove elusive.

But the fact remains that managing DSRs is not negotiable in this new era of data privacy. Whether an organization chooses to implement manual or automated processes for dealing with its subject requests, the topic cannot be ignored.