If you’ve recently been the recipient of a DSAR, it's not just you - over the past few months and years, many businesses across multiple sectors have experienced an increase in the number of data subject access requests (often known as DSARs or SARs) received.
The ICO - the UK's data protection regulator - confirmed in July that once again DSARs had claimed the top spot for their most complained-about topic, representing just under 39% of the almost 40,000 total data protection complaints received.
It's hard to say why or how this trend has emerged - there are likely a number of different factors at play. Although we have all had the right to make a DSAR against any organisation holding our personal data for decades, awareness of these rights has gathered pace since the GDPR first came into force in 2018. DSARs have also long been used as a tool by claims management companies as a pre-cursor to any formal action or claims, and are now commonly used in a similar context by individuals.
For businesses, this has meant that any individual customer complaint or employee grievance or dispute will likely result in a DSAR being submitted. As a result, mishandling DSARs not only gives rise to a risk of non-compliance with data protection laws, but also to a much broader litigation risk.
We are also seeing an increase in the sophistication of requests received - especially from employees or former employees, with inside knowledge of information management and communication systems. As different methods of communication and surveillance or monitoring have become part of our daily routine, the complexity of managing DSARs has increased. Often Teams messages / recorded calls, Slack conversations and instant messaging or WhatsApp messages on work devices are requested, along with workplace surveillance logs such as swipe card or biometric usage and CCTV footage.
Navigating this in a compliant manner is a challenge - but one we can help with! At Burness Paull, we have a cross-disciplinary team that can provide you with strategic and practical guidance on managing DSARs. We utilise market-leading technologies to help us support you with minimising document reviews and redacting or extracting information in a compliant manner.
If you need support with any DSARs or are interested in hearing more, please contact Morag Moffett or Jo McLean.
Written by
Related News, Insights & Events
Risk horizon scan: 2025
January is the optimal time for businesses to review risk registers against management plans and goals for the next 12 months.
Cyber security – looking back on 2024 and what businesses can expect in 2025
2024 was another year in which UK businesses battled to combat cyber security threats, which continue to impact organisations of all sizes across all sectors.
Christmas is coming… and the cyber threat is heightened
The increased cyber risks around the Christmas and New Year period.