Under GDPR, what is the typical maximum response time for a Data Subject Access Request (DSAR)?
A CISSP practice question covering Domain 1: Security and Risk Management. Try answering before reading the explanation below.
Show options & answer
Why "30 days (with one-time extension up to 60 additional days)" is the right answer
GDPR Article 12 requires response without undue delay and within one month, extendable by two further months for complex requests. The 72-hour figure refers to breach notifications under Article 33. Longer windows are not GDPR.
Study videos for this topic
Want to go deeper on Domain 1? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 1: Ethics & the 5 Pillars (Canon Order)
Domain 1 — Security and Risk Management
CISSP Domain 1: Governance, Roles & Due Care (2026)
Domain 1 — Security and Risk Management
CISSP Domain 1: Laws, IP & GDPR (Compliance)
Domain 1 — Security and Risk Management
CISSP Domain 1: Investigation Types & Security Docs
Domain 1 — Security and Risk Management
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.