If you’ve recently been the recipient of a DSAR, it's not just you - over the past few months and years, many businesses across multiple sectors have experienced an increase in the number of data subject access requests (often known as DSARs or SARs) received.
The ICO - the UK's data protection regulator - confirmed in July that once again DSARs had claimed the top spot for their most complained-about topic, representing just under 39% of the almost 40,000 total data protection complaints received.
It's hard to say why or how this trend has emerged - there are likely a number of different factors at play. Although we have all had the right to make a DSAR against any organisation holding our personal data for decades, awareness of these rights has gathered pace since the GDPR first came into force in 2018. DSARs have also long been used as a tool by claims management companies as a pre-cursor to any formal action or claims, and are now commonly used in a similar context by individuals.
For businesses, this has meant that any individual customer complaint or employee grievance or dispute will likely result in a DSAR being submitted. As a result, mishandling DSARs not only gives rise to a risk of non-compliance with data protection laws, but also to a much broader litigation risk.
We are also seeing an increase in the sophistication of requests received - especially from employees or former employees, with inside knowledge of information management and communication systems. As different methods of communication and surveillance or monitoring have become part of our daily routine, the complexity of managing DSARs has increased. Often Teams messages / recorded calls, Slack conversations and instant messaging or WhatsApp messages on work devices are requested, along with workplace surveillance logs such as swipe card or biometric usage and CCTV footage.
Navigating this in a compliant manner is a challenge - but one we can help with! At Burness Paull, we have a cross-disciplinary team that can provide you with strategic and practical guidance on managing DSARs. We utilise market-leading technologies to help us support you with minimising document reviews and redacting or extracting information in a compliant manner.
If you need support with any DSARs or are interested in hearing more, please contact Morag Moffett or Jo McLean.
Written by
Related News, Insights & Events
Error.
No results.
Getting your data ducks in a row: putting the Data (Use and Access) Act 2025 into practice for pension schemes
09/06/2026
In this blog, we consider how The Data (Use and Access) Act 2025 (the “DUAA”) raises the bar for how pension trustees’ role as data controllers must be performed.
Webinar recordings: Data Privacy & Cyber Webinar Series 2026
05/06/2026
Our annual Data Privacy and Cyber webinar series is designed to help organisations navigate the evolving data privacy and cyber security landscape with confidence.
Is the definition of “personal data” having an identity crisis?
26/02/2026
The definition of “personal data” has been subject to recent scrutiny in both the EU and the UK. In this article, we explore some of the recent case law and commentary in both the UK and the EU.
{name}
{properties.pageSummary}
{properties.headline}
{properties.pageDate|date:dd/MM/yyyy}
{properties.shortDescription}
