One of the important rights afforded to individuals by the GDPR, CCPA and other privacy laws is the right to make a data subject access request (DSAR). Privacy officers from Autodesk, Credit Karma and Netflix recently offered a roadmap to navigating DSARs at the Privacy + Security Forum Fall Academy, including the methods by which individuals can request copies of their data, the processes for verifying the legitimacy of requests, narrowing overly broad requests, available exceptions, the timing, format and delivery of responses, handling third-party requests and the unique issues raised by employee requests. This article distills their insights. See “How to Comply With Key CCPA Notice and Consumer Request Requirements” (Jun. 24, 2020); and “How to Handle E.U. Data Subject Access Requests” (Dec. 11, 2019).