This would usually be the company or public body that controls the processing of your personal data. Note that not only private companies but also public authorities can be covered by GDPR.
Here are a few suggested tips, based on our own experience with Data Subject Access Requests (DSARs). This is based on DSARs under the EU General Data Protection Regulation (GDPR), but we hope our tips may be useful in other jurisdictions too.
