DSAR: With growing awareness of data subject rights, compliance with data protection laws in Brazil (LGPD) is becoming increasingly relevant.

These laws reinforce what data subjects can do to verify the legitimacy of data processing procedures, and the DSAR guarantees access to their information when controlled by companies or organizations.

What is DSAR?

O DSAR (Data Subject Access Request)A Data Protection Authorization (DPA), or 'Data Subject Access Request' in a free translation, is a term related to data protection. It represents a right granted to individuals to access their information and to understand how that information is being handled.

DSAR ensures that an individual can request access to the information a controlling organization holds about them, as well as understand how that data is processed.

For citizens of the European Union, this right is one of the key aspects of the General Data Protection Regulation (GDPR).

Should companies always be available to fulfill these requests?

Yes, according to LGPD (General Data Protection Law), the data subject can make a request at any time. Thus, Brazilian citizens have this right, which the controlling organizations must comply with to allow them to verify the legality of the processing of their data.

Once requested, companies have up to 15 days to respond, starting from the date of the data subject's request, as stipulated in Article 19 of the LGPD (Brazilian General Data Protection Law).

The request can be made in a simplified manner or through a clear and complete statement, indicating the origin of the data, the absence of registration, the criteria used, and the purpose of the processing.

Additional information can also be provided, such as:

• The duration of data storage;
• Other rights that may exist;
• The origin of the data, if it was not obtained directly from the data subject.

It is important to remember that the service provider should consider that the applicant may want to know more details about data processing and exercise other rights, such as... rectification or deletion of data.

What are the rights of data subjects protected by the LGPD?

Article 18 of the General Data Protection Law details the rights of data subjects, which include:

I – confirmation of the existence of processing; II – access to data; III – correction of incomplete, inaccurate or outdated data; IV – anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data; V – portability of data to another service or product provider, upon express request; VI

– deletion of personal data processed with the consent of the data subject, except in the cases provided for in Article 16 of the LGPD; VII – information on the public and private entities with which the controller shared data; VIII – information on the possibility of not providing consent and on the consequences of refusal.

How can I track a DSAR application? 

The Privacy Tools platform includes a module called Data Subject Requests. It functions as a specialized service platform for data subject rights. In other words, whenever an interested party wants access to their private information, as well as requests such as data removal or clarification about its use, these requests must be made through a specialized channel with appropriate service prepared for the interaction. 

Among its features are the ability to directly monitor compliance with deadlines and regulatory requirements; the completion of customized fields; and customer service automation.