Introduction to Data Subject Access Requests: Purpose, Examples, Responding to Requests, Navigating Compliance

Course Details
- smart_display Format
Live Online with Live Q&A
- signal_cellular_alt Difficulty Level
Beginner
- work Practice Area
Cybersecurity and Data Privacy
- event Date
Wednesday, July 16, 2025
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
60 minutes
-
This 60-minute webinar is eligible in most states for 1.0 CLE credits.
This CLE webinar will provide a high-level overview of data subject access requests (DSARs). The panel will explain what a DSAR is and isn't, outline the purpose and key components of a DSAR, give examples of common DSAR requests, and provide tips for navigating compliance under the ever-evolving data privacy legal framework.
Faculty

Mr. Austin advises clients on breach response, data privacy, information security, and regulatory compliance related to domestic and international privacy laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and the Health Insurance Portability and Accountability Act (HIPAA). He is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) by the International Association of Privacy Professionals (IAPP).

Mr. Auty has led engagements with hundreds of companies in diverse industries. He works side-by-side with clients to navigate complex, intersecting data privacy and security regimes, including the California Consumer Privacy Act, the GDPR, HIPAA and the Gramm-Leach-Bliley Act. Mr. Auty also has significant experience responding to data breaches and defending privacy and security practices in investigations initiated by regulatory agencies around the world. He is a frequent writer and speaker on data privacy topics, in particular issues related to digital marketing.
Description
A right to access personal information an organization collects about an individual is a primary feature of major data privacy laws. DSARs give individuals the right to discover data an organization has on them, why the organization has the data, and how the organization shares that information with third parties. Data may include everything from email addresses and phone numbers to tracking scripts and cookies.
Counsel must know how to recognize an access request, what the process is for responding to one, and special issues to keep in mind with certain types of data. Business counsel should also understand the compliance timeframe required by data privacy regulations.
Counsel will help establish the means of improving DSAR compliance by purging unnecessary data, creating written procedures for access requests, and leveraging technology to respond to requests cost effectively. Establishing these processes is necessary to avoid potentially onerous fines for violating data privacy regulations.
Listen as our expert panel reviews common DSARs and addresses best practices for complying with applicable data privacy laws.
Outline
I. Overview: understanding what a DSAR is and isn't
II. Examples of common DSAR requests
III. Legal and regulatory framework governing DSARs
A. EU's General Data Protection Regulation (GDPR)
B. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
C. Other state privacy laws: common themes regarding DSARs and key differences
IV. Penalties and enforcement
V. Key concepts for advising clients and spotting issues
VI. Assessing, planning, and preparing for common situations
VII. Creating effective policies and protocols
Benefits
The panel will review these and other key considerations:
- What is the typical process for an individual to make a DSAR with an organization?
- How long does an organization have to comply with a DSAR?
- How should an organization respond to a DSAR request and how much information does the organization need to provide?
- What are special issues and considerations to keep in mind?
- What steps can organizations take to prepare for DSARs to ensure compliance with applicable data privacy laws?
Unlimited access to premium CLE courses:
- Annual access
- Available live and on-demand
- Best for attorneys and legal professionals
Unlimited access to premium CPE courses.:
- Annual access
- Available live and on-demand
- Best for CPAs and tax professionals
Unlimited access to premium CLE, CPE, Professional Skills and Practice-Ready courses.:
- Annual access
- Available live and on-demand
- Best for legal, accounting, and tax professionals
Related Courses

Introduction to Data Subject Access Requests: Purpose, Examples, Responding to Requests, Navigating Compliance
Thursday, May 22, 2025
1:00 p.m. ET./10:00 a.m. PT

AdTech and Data Privacy Risks: Law, Policy, Litigation and Enforcement
Available On-Demand
Recommended Resources
Explore the Advantages of Consistent Legal Language
- Learning & Development
- Business & Professional Skills
- Talent Development
The Power of Project Management: Using the 80/20 Rule in E-Discovery
- Legal Technology
- E-Discovery