1 / 5
A DSAR is a request by a ___ to access the personal data an organisation holds about them.
-
-
-
-
The data subject (the individual) has the right under laws like GDPR to request access to their personal data.
2 / 5
Before fulfilling a DSAR you must ___ the requester to prevent disclosing data to the wrong person.
-
-
-
-
Identity verification stops attackers from using a DSAR to exfiltrate someone else's personal data.
3 / 5
Under GDPR, organisations generally must respond to a DSAR within ___.
-
-
-
-
GDPR sets a default of one month (extendable for complex requests), making timeliness a compliance requirement.
4 / 5
A request to delete personal data exercises the right to ___.
-
-
-
-
The right to erasure ('right to be forgotten') lets individuals request deletion of their data, subject to legal exceptions.
5 / 5
Identifying every system holding the requester's data so the response is complete relies on a data ___.
-
-
-
-
A data map/inventory tells you where personal data lives, which is essential to answer a DSAR fully and accurately.