If you’ve recently been the recipient of a DSAR, it's not just you - over the past few months and years, many businesses across multiple sectors have experienced an increase in the number of data subject access requests (often known as DSARs or SARs) received.

The ICO - the UK's data protection regulator - confirmed in July that once again DSARs had claimed the top spot for their most complained-about topic, representing just under 39% of the almost 40,000 total data protection complaints received.

It's hard to say why or how this trend has emerged - there are likely a number of different factors at play. Although we have all had the right to make a DSAR against any organisation holding our personal data for decades, awareness of these rights has gathered pace since the GDPR first came into force in 2018. DSARs have also long been used as a tool by claims management companies as a pre-cursor to any formal action or claims, and are now commonly used in a similar context by individuals.

For businesses, this has meant that any individual customer complaint or employee grievance or dispute will likely result in a DSAR being submitted. As a result, mishandling DSARs not only gives rise to a risk of non-compliance with data protection laws, but also to a much broader litigation risk.

We are also seeing an increase in the sophistication of requests received - especially from employees or former employees, with inside knowledge of information management and communication systems. As different methods of communication and surveillance or monitoring have become part of our daily routine, the complexity of managing DSARs has increased. Often Teams messages / recorded calls, Slack conversations and instant messaging or WhatsApp messages on work devices are requested, along with workplace surveillance logs such as swipe card or biometric usage and CCTV footage.

Navigating this in a compliant manner is a challenge - but one we can help with! At Burness Paull, we have a cross-disciplinary team that can provide you with strategic and practical guidance on managing DSARs. We utilise market-leading technologies to help us support you with minimising document reviews and redacting or extracting information in a compliant manner.

If you need support with any DSARs or are interested in hearing more, please contact Morag Moffett or Jo McLean.

Written by

Related News, Insights & Events

Data Subject Access Requests Masterclass Webinar

03/06/2025

Online masterclass for practical tips from our data protection and employment law experts on managing even the most complex DSARs.

Data Spring Webinar Series: Data Governance Demands in 2025

20/05/2025 - Online webinar

Our upcoming data webinar series will consider key data protection compliance requirements, explore data governance best practice, and highlight key areas of interest for the UK regulator (ICO).

Cyber Crime in the Trust Economy: Navigating an evolving threat landscape

Read our latest Trust Economy paper here.

Want to hear more from us?

Subscribe here Subscribe here

Advice for the way we live our lives.

Burness Paull is known globally as the go-to Scottish law firm.

Guide: Doing Business in the UK

Legal insights

For Women Scotland Ltd v Scottish Ministers: Supreme Court rules on meaning of “sex"

Events

Junior Energy In-House Lawyers Webinar Series

Topics

Welcome to Burness Paull.

Human and high-performing

Delivering real change for our clients, people and communities

Responsible business lies at the heart of our decision-making.

Firm news

Burness Paull promotes five lawyers to partner

We believe you’re not a tiny cog in a giant machine.

Vacancies

Looking for a workplace that will value your curiosity, passion, and desire to grow?

Don't settle for standard, help us set new ones.