Data privacy: The DSAR crisis
When good intentions meet operational reality
Key Points
- DSARs (Data Subject Access Requests) have skyrocketed (up 222% since 2021), creating an operational and financial crisis for organizations, with many overwhelmed by high volumes and tight GDPR deadlines.
- Manual DSAR processing is unsustainable, costing an average of $1,524 each, due to fragmented data, poor stakeholder coordination, and low confidence in compliance among privacy professionals.
- Most DSARs (66.8%) now come from employees, especially during disputes, making these requests much more complex because employee data is scattered across various business systems.
- Organizations that succeed with DSARs use unified data search, automation, and cross-functional teams to streamline compliance, reduce risk, and avoid regulatory penalties.
DSARs were supposed to empower individuals. Instead, they've become an operational crisis for most organizations. Between 2021 and 2024, GDPR requests surged 222%. Some companies now field 1,000 DSARs monthly, many from non-customers testing systems or employees in workplace disputes.
The numbers tell the story
The Ireland DPC (Data Protection Commission) reports that DSARs are both the most common reason individuals contact them AND the largest source of complaints. In 2024, the DPC issued eight enforcement notices, predominantly for failures to respond to access requests. The pattern is consistent: organizations miss the one-month deadline or improperly apply redactions and exemptions.
Why organizations struggle
The average cost of manually processing a single DSAR is $1,524, according to Gartner. At scale, this becomes financially unsustainable. But cost isn't the only problem:
- Fragmented data estates: Information scattered across email, collaboration tools, archives, and cloud storage
- Stakeholder coordination: 27% of DPOs (data protection officers) cite coordination issues as their primary DSAR challenge
- Confidence crisis: Only 20% of privacy professionals are fully confident in their organization's compliance
The employee factor
Here's what catches many organizations off-guard: 66.8% of DSARs come from employees, typically during workplace disputes when they want access to performance reviews, emails, and internal communications. These requests are often more complex than customer DSARs because employee data tends to be more dispersed and intermingled with business operations. Additionally, individuals are using AI tools to draft their DSARs, making requests more comprehensive and creating challenges where organizations may provide information outside the required parameters.
The path forward
Organizations that manage DSARs effectively share common characteristics:
- Unified search capabilities across all data repositories
- Automated workflows that reduce manual review time
- Cross-functional processes involving legal, IT, and HR from the start
- Proactive documentation of data flows and processing activities
Your infrastructure
DSAR volume isn't decreasing. 2025 data shows a 43% year-over-year increase in total Data Subject Request volume, and data deletion requests now account for 82% of all DSRs. The question isn't whether your organization will face more requests, but whether your infrastructure can handle them without breaking.
Streamline DSAR compliance, reducing risk, resource drain, and the likelihood of regulatory penalties with Unified Search with Performance Advantage.
Abonnez-vous à Cyber Resilience Insights pour plus d'articles comme ceux-ci
Recevez toutes les dernières nouvelles et analyses de l'industrie de la cybersécurité directement dans votre boîte de réception.
Inscription réussie
Merci de vous être inscrit pour recevoir les mises à jour de notre blog.
Nous vous contacterons !