Many organisations are experiencing a sharp rise in Data Subject Access Requests (DSARs), and the impact can be significant. These requests are often complex, time consuming and costly to manage, particularly as their volume and scope continues to grow.
What is a DSAR?
A Data Subject Access Request is a legal right under the General Data Protection Regulation that allows individuals to obtain a copy of the personal data an organisation holds about them. These requests must be responded to within strict timeframes and, importantly, individuals do not need to provide a reason for making one or pay a fee to access their data.
In practice, DSARs are often submitted by employees or customers who are involved in a dispute or complaint, using the process as a way to gain further insight into how their information and dispute has been handled.
Failure to comply properly with DSARs can lead to regulatory scrutiny, civil penalties and legal claims.
Why are DSARs challenging?
Responding to a DSAR can be difficult. It involves identifying and extracting the relevant personal data relating to an individual, often across multiple IT systems such as email accounts, HR platforms and customer records. This can lead to extensive amounts of data being retrieved.
Once this data has been gathered, it must be carefully reviewed to ensure that only the requestor’s personal data is disclosed. This includes removing or redacting any third party or irrelevant information. For many organisations, this process can take a considerable amount of time and resource, particularly without the right tools or specialist support in place.
Why is this becoming a growing issue?
While DSARs have existed for many years, there has been a significant increase in their use in recent times. A key factor behind this is the rise of artificial intelligence, which has made it much easier for individuals to generate detailed, wide ranging requests in a matter of minutes.
AI is also being used to analyse responses, identify gaps and prompt further follow up requests. This is creating a cycle where organisations are facing repeated and increasingly complex DSARs.
At the same time, there is a growing willingness among requestors to challenge responses, submit complaints to regulators and, in some cases, pursue legal action where they believe their rights have not been properly met. This is only likely to increase with the new statutory requirements for handling data complaints.
How we can support you
WBD Clarity is our proven solution that combines legal expertise with technology to streamline the DSAR process from start to finish.
Our approach enables large volumes of data to be filtered, reviewed and redacted quickly and accurately, reducing the time and cost involved. We can also support the extraction of data from complex IT environments, helping to ensure that responses are both proportionate and compliant.
Clarity has been in operation for over five years, has been nominated for a Financial Times Innovation Award, and is trusted by many major UK organisations.
If you are seeing an increase in DSARs, or are concerned about the time and resource required to manage them, please get in touch with Amy Prime to arrange a demo of WBD Clarity.
This article is for general information only and reflects the position at the date of publication. It does not constitute legal advice.