Blog

DSAR Under GDPR and CCPA – Understanding the Key Differences

Richard Marley
June 25, 2021
6 minutes read
309

Data protection is one of the key concerns of organisations these days. For the same reason, data protection laws have increased in different parts of the world. A study reveals that only 10% of the global population had data protected until last year. The study further states that approximately 65% of the population’s data will be secured by the end of the year 2023. The Cisco Consumer Privacy Survey shows that 84% of people are concerned about data privacy in the digital world and want more control over how their data is being used. Given the rising concerns of end-users, law-making bodies have enforced certain data protection regulations that provide consumers with the right to disclose their data. Arguably the European General Data Protection Regulation (GDPR) gives Data Subject Access Request (DSAR) to the residents. Similarly, there are many other regulations for data privacy like the California Consumer Privacy Act (CCPA), PIPEDA in Canada and LGPD in Brazil. Let’s take a look at the key differences of DSAR under GDPR and CCPA.

What are the Seven Principles of GDPR?

The General Data Protection Regulation (GDPR) is responsible for the data protection and privacy of individuals belonging to the European Union (EU). It sets out the following seven key principles:

Fairness, lawfulness and transparency
Data minimisation
Storage information
Accuracy
Purpose limitation
Security
Accountability

What is DSAR?

DSARs are not new since companies and government authorities have been using them for many years now. However, data protection and privacy regulations imposed several changes that make it convenient for consumers to request data access. A DSAR is a request from a data subject to your firm. As per regulatory requirements, you are obligated to provide all the information as soon as possible.

Article 15 of GDPR states,

“A data subject should have the right of access to personal data which have been collected concerning him or her and to exercise that right easily and at reasonable intervals, to be aware of and verify the lawfulness of the processing.”

According to Title 1.81.5 of CCPA,

(a) A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt-out.

(b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the “right to opt-out” of the sale of their personal information.

(c) A business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited.

DSAR Under GDPR and CCPA

Under GDPR and CCPA, the DSAR has the following differences and similarities:

DSAR – The Key Considerations

With DSAR, there are some common expectations. A few of them are:

A company will respond to the request or take action
The response will include all the information
Action will occur in a defined period

For companies, one of the fundamental requirements is to maintain a record that a response was provided on the request. Companies must track the date of the receipt and the date of response.

Businesses have a certain time limit to respond to DSARs. As per GDPR, firms must get back to the request within 30 days. On the other hand, the CCPA has imposed a 45-day restriction for the responses. Other timelines include:

10 business days for confirming the receipt of the request
15 business days for responding to opt-out requests
90 business days for informing vendors to not sell consumer information
Two years for maintaining the log of the requests

DSAR – The Key Exceptions

There are some exceptions to DSAR for organisations under certain circumstances. A common exception under GDPR is the disproportionate effort. Companies cannot use DSAR exceptions for not responding to the requests.

California Consumer Privacy Act (CCPA) allows organisations to delete requests. For instance, if a consumer requests a deletion before the warranty period ends, the company is allowed to do that.

In simpler words, there are many exceptions of DSAR and they vary according to the jurisdictions, laws of the state and many other factors.

DSAR Checklist for Organisations

Here’s how businesses can opt for responding to DSARs:

A system that can efficiently receive and process all the requests
Verification of identities of data subjects upon receiving requests
Data collection and review of the processed requests
Remediation plans
Plans for delivering the requested information

Can businesses refuse to respond to DSAR? Yes, under certain circumstances, companies can turn down a request. Here are some of these reasons:

Searchable and accessible format of personal information is not maintained
Compliance is the purpose for processing personal information
Information is not used for commercial reasons
The data is used for national security or law enforcement
The data subject has made multiple requests for disrupting the system

Key Takeaways

Data protection and privacy are the major concerns of law enforcing bodies and organisations. Different regions of the world have imposed various regulations like GDPR in the EU, CCPA in California, LGPD in Brazil, etc. The Data Subject Access Request (DSAR) provides consumers with the right to access their data. Under CCPA and GDPR, the DSAR provides visibility and control to the data subjects. Although there are certain exceptions of DSAR under certain situations, data subjects still have the liberty to request access, deletion or closure of their personal information.

Got questions about data protection and privacy? Our experts are always there to assist you.

Talk to Experts

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Blockchain and NFTs - Setting New Standards for Cybersecurity and Identity Management
What are the Seven Principles of GDPR?
What is DSAR?
DSAR Under GDPR and CCPA
DSAR Checklist for Organisations
Key Takeaways
Non-fungible tokens (NFTs) are an evolution over the emerging concept of cryptocurrencies. As finance systems are getting modernized, consisting of innovative trading and loan systems for different types of assets, ranging from lending contracts to real estate and artwork. However, by making digital representations of physical assets like painting, NFTs are the most advanced form right now to re-invention the finance infrastructure. Thus, the idea of representing physical assets in digitized form is not new, however, these concepts are combined with the significance of tamper-resistant blockchain of smart contracts.

Contrarily, blockchain and NFTs are also playing a crucial role in making the digital ecosystem secure, as fraudsters are becoming more sophisticated and are capable of exploiting cybersecurity systems. Thus, by utilizing the potential of blockchain technology and NFTs, an entirely new level of security can be attained.

Blockchain Technology – Revolutionizing Cybersecurity and Identity Management In Digital Ecosystem

Primarily, blockchain technology is the key driving force behind the success and emergence of cryptocurrencies. This technology is completely transforming the concept of payment gateways along with enhancing cybersecurity concerns. Blockchain technology utilizes cryptography to make transactional records that are unchangeable and can’t be tampered with. NFTs are also backed by this technology and are uniquely categorized through a cryptographic token that provides an extra layer of security by ensuring that each digital asset and transaction records are well- managed, easily being tracked and verified. In addition to this, NFTs are also designed to digitally represent physical assets, which has brought significant opportunities for businesses as well as individuals.

NFTs are now also being used to virtual depict something scarce, for example, in-game add-on features and other collectibles. Due to the unique identity of NFTs, they are providing more improving identification measures while enhancing cybersecurity. In addition to this, NFTs and blockchain technology are also empowering digital businesses to develop virtual ledgers to store cryptocurrencies and digital assets while maximizing security levels. However, the combination of blockchain and NFTs is considered the most advanced way of securing sensitive information and holds the necessary power to completely transform the use of the internet and cybersecurity.

Despite the fact, blockchain is the backbone of the digitization of payment gateways, it is setting new standards in the cybersecurity domain as well. By providing financial institutions and other businesses a decentralized platform to secure data, they tend to protect the companies through various cyber-attacks and financial losses. It also allows businesses to gather and maintain track of customers’ identities. Blockchain technology is signifying security innovations through the following aspects;

Security through Blocks: Blockchain basically works as a distributed ledger that stores and maintains a continuously growing list of client data records called blocks. Each respective block placed in the database is accompanied by a cryptographic hash of the previous block, a timestamp, and transaction data. The immutability feature of blockchain technology allows it to provide businesses and individuals with a sound sense of security and data protection. Other than this, it also backs businesses to determine and authenticate their identities before getting them on board and ensures data is not compromised.

Private and Public Blockchains: The concept of private and public blockchain is growing concerned nowadays. A private blockchain allows companies to communicate information without a designated central authority. On the other hand, the public blockchain databases are easily accessible to any individual in the digital ecosystem. However, both types of blockchain databases are highly secure and can not be exploited, as they deliver the maximum level of transparency. As a result, blockchain ledgers are becoming an ideal place to store digital data or assets.

Decentralized Technology: Blockchain technology allows both businesses as well as individuals to store cryptocurrency and private information in decentralized databases with a high level of encryption. With the decentralization feature, blockchain assures that hackers can get access to one’s identity. However, hacking attempts are impossible, as cybercriminals need to penetrate 51% of the blockchain system at once.

Smart Contracts: The emerging concept of the smart contract is getting global attention, as they are powered with blockchain technology that automatically handles the customer’s transactions and other dealings. They have attained customer trust by enforcing high-end security standards by being transparent and tamper-proof. Other than this, the financial firms are also using smart contracts to manage customer identities and PII. This also enables businesses to curb identity fraud.

Influence of NFTs on Cybersecurity and Identity Management

As businesses are going digital, keeping sensitive information secure and tamper-proof is becoming more difficult than ever. However, Non-Fungible Tokens (NFTs) are one of the crucial ways to make cybersecurity and identity management systems secure and unhackable. Many global firms are adopting NFTs to secure their client data.

The following are a few examples of how NFTs can be used to promote cybersecurity:

Integrated Security Features

NFTs aren’t directly used but are combined with other security measures to increase the productivity of cyber security systems. This includes, encrypting the messaging services, and generating digital ownership signatures on transactions. Other than this, NFTs also interact with identity verification services through authentication, to assure the customers are onboarding with legit identities. Despite all benefits, NFTs are also being used to uplift security measures as they are hard to replicate and link to other virtual assets. The cryptographs also improve data protection. Furthermore, NFTs can also provide an extra level of security for businesses and individuals, aiming to secure their transactions or operations.

Smart Encryption and Validation

NFTs come up with a “smart encryption and validation” method that enhances the effectiveness of security systems, making them secure. This system is particularly designed for the businesses that are providing trading services. NFTs smart encryption and validation uplift the identification and security of public as well as private blockchain databases.

Thus, the encryption and validation technology of NFTs is inevitable. It imprints digital signatures to each asset or transaction making it impossible for criminals to replicate it. This is how NFTs are preventing stealing of assets in the digital ecosystem.

How Shufti Pro Can Help

NFTs and blockchain technology are considered as the optimum ways to overcome identity fraud and financial crimes. Proof of ownership and digital signatures ensure that the data remains unbreachable. This concept will allow SaaS providers to enhance online identity verification solutions and cyber security protocols.

Shufti Pro’s state-of-the-art online identity verification services are an ideal solution for every type of business providing digital services. AI-backed ID verification services enable companies to determine the identities of customers before getting them onboard with 98.67% accuracy in less than a second.

Want to know more about the identity verification solution?

Talk to experts

DSAR Under GDPR and CCPA – Understanding the Key Differences

What are the Seven Principles of GDPR?

What is DSAR?

DSAR Under GDPR and CCPA

DSAR – The Key Considerations

DSAR – The Key Exceptions

DSAR Checklist for Organisations

Key Takeaways

Blockchain Technology – Revolutionizing Cybersecurity and Identity Management In Digital Ecosystem

Influence of NFTs on Cybersecurity and Identity Management

Integrated Security Features

Smart Encryption and Validation

How Shufti Pro Can Help

Top 10 Technology Trends That Will Reshape the Travel Industry

1. Augmented Reality and Virtual Reality

2. Video KYC

3. AI-Powered Identity Verification Solutions

4. Automating Actions with Voice & Robotics

5. Contactless Payments and Self-Check-In

6. AI Chatbot

7. Big Data

8. Hassle-free Experience Recognition Technology Systems

9. Personalizing Passenger Journeys with Wearables & IoT

10. Making Security Seamless with Artificial Intelligence

Final Thoughts

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.