Question 1

How is a GDPR deadline calculated?

Accepted Answer

Under the EU GDPR, you have 1 calendar month from the day after receipt to respond. "Month" means the same date next month (e.g., January 15 to February 15). If the equivalent date does not exist (e.g., January 31 to February), the deadline falls on the last day of the month. If the deadline falls on a weekend or public holiday, it extends to the next business day.

Question 2

What happens if I miss a DSAR deadline?

Accepted Answer

Missing a DSAR deadline is a regulatory compliance failure. Under GDPR, supervisory authorities can impose fines up to 20 million euros or 4% of global annual turnover. Beyond fines, late responses erode trust with data subjects, can trigger formal complaints to regulators, and may be cited as evidence of non-compliance in broader investigations.

Question 3

Can I extend a DSAR deadline?

Accepted Answer

Under GDPR, you can extend the deadline by an additional 2 months if the request is complex or if you have received a large number of requests. You must notify the data subject of the extension and the reasons for it within the original 1-month deadline. Under CCPA, a 45-day extension is available when reasonably necessary, with written notice to the consumer.

Question 4

How do US state privacy law deadlines differ?

Accepted Answer

US state privacy laws vary significantly. California (CCPA/CPRA) allows 45 calendar days. Colorado and Connecticut allow 45 calendar days. Virginia allows 45 calendar days. Some states count in business days rather than calendar days. Extension periods also vary: CCPA allows an additional 45 days, while others may allow 15-45 additional days depending on circumstances.

Question 5

What's the difference between calendar days and business days?

Accepted Answer

Calendar days count every day including weekends and holidays. Business days (or working days) exclude weekends and public holidays. This distinction is critical: 45 calendar days is roughly 6.5 weeks, while 45 business days is about 9 weeks. Some laws (like GDPR) use calendar months, while several US state laws use calendar days. A few use business days for specific request types like opt-out requests.

Question 6

Is this legal advice?

Accepted Answer

No. This calculator provides estimated deadlines based on published privacy regulations. It is an informational tool only and does not constitute legal advice. Deadlines may vary based on specific circumstances, local holidays, and evolving regulatory guidance. Always consult qualified legal counsel for compliance decisions.

DSAR Deadline Calculator

Supported jurisdictions

Europe

United Kingdom

United States

Americas

Asia-Pacific

Africa & Middle East

The cost of missing a deadline

Frequently asked questions

Related privacy tools

Privacy Policy Generator

Hash Verification

Calculating deadlines is step one. Proving you met them is step two.