Extract from Petra Pasternak’s article “Simplify DSAR Responses with Time-Saving Technology”
Organisations that approach data subject access requests, or DSARs, as routine administrative obligations may be underestimating their growing cost and risk.
Recent legal and regulatory developments are raising the bar for compliance, reshaping organisations’ response to DSARs and other disclosure requirements.
The Data (Use and Access) Act 2025 (DUAA), updated guidance from the Information Commissioner’s Office (ICO), and pivotal case law such as Ashley v HMRC [2025] EWHC 134 (KB) (“Ashley”) introduce strict new procedural and transparency requirements. This leads to increased expectations around how organisations scope, search, and justify their responses.
At the same time, DSARs increasingly arise in litigation, employment disputes, regulatory scrutiny, and internal investigations.
