What is Right to Access?

A legal right under GDPR and similar laws that allows individuals to request a copy of all personal data an organization holds about them.

Also known as: Subject Access Request, SAR, DSAR

The right to access (GDPR Article 15) lets you find out exactly what data companies have collected about you.

What You Can Request

A copy of all personal data held about you
The purposes of processing
Who the data has been shared with
How long the data will be stored
The source of the data (if not collected directly from you)

How to Exercise It

Send a written request (email is fine) to the organization's DPO or privacy team
Include enough information to identify yourself
The organization must respond within 30 days (GDPR) or 45 days (CCPA)
The response must be free (first request)

What You'll Discover

Most people are shocked by how much data companies hold. Google Takeout, Facebook's "Download Your Information," and Apple's privacy portal let you see your data directly.

Related Terms

CCPA

The California Consumer Privacy Act grants California residents rights over their personal information, including the right to know what data is collected, delete it, opt out of its sale, and not be discriminated against for exercising these rights.

GDPR

The General Data Protection Regulation is a comprehensive data protection law in the European Union that gives individuals control over their personal data. It establishes strict requirements for how organizations collect, process, store, and transfer personal information.

Right to Be Forgotten

A legal right, primarily under GDPR Article 17, that allows individuals to request the deletion of their personal data from organizations and search engine results when it's no longer necessary or was processed without proper consent.

Have more questions?

Use our guided flow to get the right next privacy step for Right to Access.

Open Guided Flow