Webinar recording: The hidden cost of data subject access requests
The session explored how data subject access requests are evolving from an occasional compliance task into a growing operational and strategic challenge. The panel discussed the drivers behind increased volume and complexity, alongside the real cost to organisations in terms of time, resource and risk. The panel also shared practical steps for building effective, proportionate processes that reduce disruption while ensuring compliance.
Key takeaways from our speakers
- DSARs are a fundamental legal right allowing individuals to access personal data held about them, with requests now free and increasingly common.
- There is no time limit on how far back requests can go, meaning organisations may need to search years of historic data (subject to “reasonable and proportionate” limits).
- Organisations must respond within one month, with strict rules around extensions, ID checks and clarifying scope.
- Poor handling can lead to ICO complaints, enforcement action or fines.
- From June, organisations must introduce internal complaints procedures before issues escalate to the regulator.
- Effective DSAR management relies on clear processes, staff training and strong data governance, particularly around retention and redaction.
- DSAR volumes and complexity are increasing significantly, driven in part by AI-generated, highly detailed requests.
- The average DSAR can take 15–20 hours to complete, placing pressure on HR, IT and operational teams.
- The biggest challenge is often data collection and review, particularly duplication across emails and systems.
- Early-stage handling is critical. Failure to recognise a DSAR quickly can put organisations immediately on the back foot.
- Poor communication during the process can escalate requests and increase the likelihood of complaints.
- Organisations should take a proactive approach: test processes, review retention policies, and address “off-grid” data sources such as messaging apps.
What next?
If you would like to review your organisation’s DSAR readiness, sense-check your current processes, or understand the impact of upcoming regulatory changes, please get in touch. We would be happy to arrange a short discussion to explore how we can support you.
