What is a Data Subject Request (DSR) under GDPR?

A Data Subject Request (DSR) under the General Data Protection Regulation (GDPR) refers specifically to a request made by an individual regarding their personal data and the rights associated with it. The GDPR grants individuals certain rights concerning their personal data, such as the right to access, rectify, erase, restrict processing, and object to processing. When a data subject initiates a DSR, they are exercising one or more of these rights, asking the data controller (the organization managing their data) to take action regarding their personal information.

Understanding this concept is essential as it underscores the data protection rights afforded to individuals under GDPR. Each DSR must be addressed by the organization within defined timelines and often requires procedures to verify the identity of the requester to protect against unauthorized access to personal data. This mechanism promotes transparency and accountability in data processing activities, aligning with GDPR's principles of data protection by design and by default.