Data Subject Access Request (DSAR)
A formal request made by an individual exercising their legal right to obtain a copy of all personal data an organization holds about them, along with information about how that data is processed.
Under GDPR, organizations must respond to DSARs within 30 days. The response must include all personal data held, the purposes of processing, who the data has been shared with, and the source of the data. Other regulations like CCPA/CPRA provide similar rights. Many websites now provide self-service data export features to handle DSARs at scale.
From a QA perspective, testing DSAR features means verifying that the data export is complete (no data sources missed), accurate, provided in a portable format (like JSON or CSV), and that the process is accessible and functional for all users.
Why It Matters for QA Teams
If the data export feature omits data from a database that QA did not test, the organization fails its legal obligation. QA must verify that DSAR responses are complete across all data stores.
Example
A QA engineer tests the 'Download My Data' feature and compares the export against the actual database records. The export includes profile information and order history but omits support ticket data stored in a separate Zendesk integration. The team adds the Zendesk data source to the export pipeline and re-tests to ensure completeness.