Redaction is now one of the most critical control points in DSAR handling. It sits at the boundary between an organisation’s internal data and what is shared with the requester, the ICO, and sometimes legal representatives. When redaction goes wrong, complaints escalate quickly, and under UK GDPR and the Data (Use and Access) Act (DUAA) every decision must be explainable and defensible.

Why redaction carries the highest risk

Redaction is where an organisation decides, line by line, what the requester is entitled to see and what must be withheld. If that judgement is wrong, the impact is immediate. Requesters can see errors instantly, and the ICO has frequently highlighted redaction mistakes as one of the most common triggers for complaints.

Accuracy requirements are strict. The requester’s own information must not be concealed without a lawful reason. Third-party information must be protected. Exemptions must be applied correctly. DUAA reinforces these expectations and requires stronger record keeping, clearer reasoning and better complaint handling. The ICO expects organisations to explain how they reached each redaction decision and what quality assurance steps were followed.

Where redaction failures usually occur

Many problems come from elements that are not visible at all.

Hidden metadata
Document properties, tracked changes, embedded comments, version histories and unhidden sheets in spreadsheets often contain names and personal information that were never meant to be disclosed.

Copy-paste leakage
When staff apply visual masking instead of proper redaction, the underlying text often remains searchable or appears again when the file is converted.

Inconsistent rules
Two handlers may apply different interpretations of the same category of data. The requester receives conflicting treatment across the bundle, which undermines trust and increases the likelihood of a complaint.

Over-redaction
Removing entire paragraphs instead of the specific information that needs protecting can hide the requester’s own data and give the impression of concealment.

Under-redaction
Leaving identifiable third-party information, confidential material or sensitive opinions in place exposes the organisation to fresh complaints from those individuals.

Lack of structured QA
In many teams, redaction is rushed, handled by staff without specific training, or completed without a systematic final check.

What strong redaction QA looks like

A reliable redaction QA process treats redaction as a controlled activity rather than a manual, last-minute clean-up.

Two-stage review
A technical review to check accuracy and adherence to rules.
A context review to ensure the remaining text does not inadvertently reveal what was removed.

Sampling for large bundles
Sampling can focus on higher-risk documents, key correspondents or particular date ranges to make QA scalable.

Metadata and OCR checks
Teams should check for hidden metadata, unflattened layers, tracked changes and OCR text. If scanned documents were converted into searchable text, both layers must be reviewed and redacted.

Standardised frameworks
Clear rule sets for common categories of information prevent inconsistent decisions. Regular testing, including copy-paste and search checks, ensures redactions are permanent.

Concept-based spotting
Indirect identifiers, such as job roles or unique events, often reveal more than names. Strong QA looks for contextual clues, not only exact strings.

Documented reasoning
Every significant redaction should be linked to a rule or exemption so that the organisation does not need to re-review the entire bundle when challenged.

Human oversight where AI is used

AI-assisted redaction tools can process large document sets quickly, but they do not replace human judgement. The regulator is clear that decisions affecting individuals’ rights require meaningful human involvement.

AI can highlight potential personal data. Human reviewers must confirm whether the redaction is appropriate. QA should actively test AI outputs, checking for both false positives and false negatives and using the findings to refine rules and workflow.

AI logs add an important layer of defensibility because they show what the tool identified, what humans accepted and what they rejected.

Practical workflows teams can implement today

Redaction checklists
A short, mandatory checklist covering scope confirmation, metadata checks, rule selection, sampling and final sign-off.

Templates for common document types
Standard approaches for HR emails, complaint files or system exports reduce variability and support quicker decision making.

Clear escalation routes
Where reviewers face borderline calls, they should know who has the authority to decide and how to record that decision.

Playbooks for high-risk data
Safeguarding cases, internal investigations or special category data require additional controls and senior oversight.

These practical steps reduce rework, keep teams consistent and significantly lower the volume of post-issue complaints.

Linking back to DUAA and ICO expectations

DUAA and updated ICO guidance reinforce a simple requirement. DSAR responses must be reasonable, documented and transparent. Proportionate searches support safer redaction because the review set contains fewer irrelevant or duplicate documents. Strong documentation protects teams when decisions are challenged. Clear communication reduces escalation.

A DSAR is only defensible if the redaction is defensible.

How DSAR.ai supports robust redaction QA

DSAR.ai helps organisations detect personal data across large document sets, apply consistent rules and build complete audit trails. Suggested redactions are always subject to human review, with logs that record which decisions were accepted or overridden. This creates a defensible workflow that aligns with DUAA and ICO expectations while reducing errors and avoiding unnecessary complexity.

To see how DSAR.ai can strengthen your redaction QA and reduce complaint risk, book a walkthrough with our team.