DSRs (also known as DSARs or even SARs, depending where in the world you are) are a core competence for any business wishing to be compliant with GDPR or the CCPA. They are a key piece of data privacy activity, and getting them right can pose a significant challenge for businesses of all kinds.

Most simply, a DSR is when a consumer requests access or modification to the data that a business holds on them. There are a few different types of DSRs, and the ones that businesses are required to process vary by region. Check out the table below for a quick primer:

Types of Data Subject Requests by Region

Type of request Details Required by CCPA? Required by GDPR?
Access request A request to view the data the business holds on an individual.
Rectification request A request to make a modification of the data a business holds on the individual
Erasure request A request to scrub all the data a business holds on the individual
“Do Not Sell My Info” request A request to exclude all data for a given individual from sale to third parties.

Data Subject Requests form the core of a robust privacy operation for any business. But how do consumers feel about the value of this access? Do DSRs help them trust a business more? Below, you can check out Ethyca CEO Cillian Kieran and University of Zurich Marketing & Privacy Expert Anne Scherer in conversation about the role of DSRs in boosting consumer perception.