Skip to content
Privacy Requests
Concepts
Fundamentals

Privacy Requests: Fundamentals

5minFidesPrivacy Requests

This page introduces the key terms and concepts behind privacy requests. For detailed guides on each topic, follow the links below.

What are Privacy Requests?

Privacy requests, also sometimes called Data Subject Requests (DSRs or DSARs), are the rights afforded to a user whose data is processed by an organization.

The rights afforded to your users are based on their location and not your organization's!

The commonly recognized rights are Access, Erasure, Rectification, and Portability. For full descriptions of each right, see Submitting privacy requests.

Key Terms

  • Data Subject: The owner of personal data collected by your organization — often your customers or employees. See the glossary for more terms.
  • Authorized Agent: A third party appointed by a data subject to submit privacy requests on their behalf. You must honor requests from authorized agents provided you are satisfied the agent has been appointed by the subject.
  • Subject Identity Verification: When you receive a privacy request, you are responsible for confirming the identity of the subject. Fides offers built-in verification via MFA. Learn more in the identity verification guide.

Receiving Privacy Requests

Most global privacy regulations require you to provide at least two easy-to-find methods for submitting privacy requests (e.g., a web form, email, or phone). Learn how to configure your intake methods in the submitting requests guide.

Processing Timeframes and Exceptions

Privacy requests must be completed within regulation-specific timeframes, and there are certain exceptions where you may not be required to fulfill a request (e.g., legal obligations, confidentiality risks). For timeframes, exception details, and examples, see Managing privacy requests.

Now that we've covered the basics, let's dive into configuring and managing privacy requests with Fides.

OverviewRequest Execution