Consumer Rights / DSAR Compliance

Understanding Consumer Rights/DSAR Compliance Recommendations and Solutions

The EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other privacy regulations seek to protect the personal data and privacy of consumers. These regulations significantly increase the requirements on businesses regarding how they address consumer rights requests/data subject access requests (DSARs), for example to access or delete personal information. Specifically, these regulations define the types of consumer rights requests/DSARs that need to be addressed and the timeline and process that must be followed to fulfill them. For example, GDPR requires that DSARs be addressed within one month, CCPA within 45 days (with some exceptions and extensions permitted).

Sanctions for non-compliance can be significant. For example, under the CCPA, businesses can face penalties of up to $7,500 per intentional violation or $2,500 per unintentional violation. The CCPA also provides a private right of action to California residents where their personal information is subject to unauthorized access, theft, or disclosure. Businesses would face paying between $100 and $750 per resident or incident, regardless of whether actual damages are shown.

Consumer Rights / DSAR Compliance

The privacy experts at TrustArc suggest you follow the steps below to support compliance with regulatory requirements around consumer rights requests/DSARs.

  • Ensure understanding of what data you collect and process and where it resides.
  • Establish a process to intake individual rights requests that is easy on the individual and ensure this process is well-communicated throughout the organization. A request may come in from many routes and the person receiving that request needs to understand that a request is being made. Individuals typically won’t understand or use the exact verbiage in the law.
  • Validate the individual's identity.
  • Once the request is validated, have a process to review it, evaluate the data referenced and the reasons for processing the data, and evaluate any exceptions.
  • Have a response process.
  • Put in place an appeals process for denied requests. Retain documentation throughout the process.

TrustArc Solutions

Individual Rights Manager, a module of the TrustArc Privacy Platform, can help your company comply with privacy regulations that have consumer rights / DSAR requirements. The solution enables consumers to easily submit DSARs and companies to efficiently manage, evaluate and resolve requests within required timelines. Integration with TrustArc Data Inventory Hub allows a company to easily locate an individual’s data within systems, which speeds up response times. In addition, companies can use the solution to maintain an audit trail that demonstrates accountability and regulatory compliance. TrustArc privacy consultants can also help you to develop your consumer rights/DSAR program and processes.

Powerful Technology + Proven Methodology + Deep Expertise

The TrustArc Platform powers all solutions, combining:
9+ years of high scale operating experience
1,000s of successful customer engagements
20+ years of privacy industry experience
