A formal request from a Data Principal exercising any of their rights under the DPDPA against a Data Fiduciary.
A Data Subject Request (industry term for requests made under DPDPA Section 11) is any formal request from a Data Principal to exercise their rights — access, correction, erasure, nomination, or grievance redressal. DSRs can arrive through any channel the Fiduciary makes available. The Fiduciary must acknowledge receipt, verify the requester's identity, process the request within mandated timelines, and maintain a complete audit trail of the handling.
DSRs will increase as awareness grows. Without automated workflows, even a moderate volume of requests can overwhelm teams. Each missed deadline is a potential Board complaint and penalty.
A Pune insurance company receives 50 access requests in one month after a privacy awareness campaign. Without automated DSR workflows, their 3-person compliance team cannot respond to all within 30 days. Automated identity verification, data discovery, and response generation become essential.
You cannot require Data Principals to use only one specific channel (like a web form) to submit requests. If they email or write a letter, those are valid DSRs that must be processed within the same timelines.
DPDPA Shield automates Data Principal Rights. See how →