If you’ve recently been the recipient of a DSAR, it's not just you - over the past few months and years, many businesses across multiple sectors have experienced an increase in the number of data subject access requests (often known as DSARs or SARs) received.
The ICO - the UK's data protection regulator - confirmed in July that once again DSARs had claimed the top spot for their most complained-about topic, representing just under 39% of the almost 40,000 total data protection complaints received.
It's hard to say why or how this trend has emerged - there are likely a number of different factors at play. Although we have all had the right to make a DSAR against any organisation holding our personal data for decades, awareness of these rights has gathered pace since the GDPR first came into force in 2018. DSARs have also long been used as a tool by claims management companies as a pre-cursor to any formal action or claims, and are now commonly used in a similar context by individuals.
For businesses, this has meant that any individual customer complaint or employee grievance or dispute will likely result in a DSAR being submitted. As a result, mishandling DSARs not only gives rise to a risk of non-compliance with data protection laws, but also to a much broader litigation risk.
We are also seeing an increase in the sophistication of requests received - especially from employees or former employees, with inside knowledge of information management and communication systems. As different methods of communication and surveillance or monitoring have become part of our daily routine, the complexity of managing DSARs has increased. Often Teams messages / recorded calls, Slack conversations and instant messaging or WhatsApp messages on work devices are requested, along with workplace surveillance logs such as swipe card or biometric usage and CCTV footage.
Navigating this in a compliant manner is a challenge - but one we can help with! At Burness Paull, we have a cross-disciplinary team that can provide you with strategic and practical guidance on managing DSARs. We utilise market-leading technologies to help us support you with minimising document reviews and redacting or extracting information in a compliant manner.
If you need support with any DSARs or are interested in hearing more, please contact Morag Moffett or Jo McLean.
Written by
Related News, Insights & Events
Tech & IP Conference 2025: Evolution or Revolution?
07/05/2025 - Everyman Cinema, St James Quarter, Edinburgh
Our annual Tech & IP Conference will explore how businesses can take advantage of change to evolve, build resilience, and leverage competitive advantage through powerful technologies and innovation.
Cyber Crime in the Trust Economy: Navigating an evolving threat landscape
Read our latest Trust Economy paper here.
Is a ban on payments to hackers the answer to the growing threat of ransomware?
Ransomware continues to be a fast-growing and hugely damaging form of cyber attack. It is believed to have earned criminal gangs over $1billion in 2023 and shows no sign of abating in 2025.
