Why DSAR Volumes Are Increasing and What It Means for Compliance Teams

Navigating Special Cases in Personal Data for DSARs

One of the most common challenges in DSAR processing is meeting strict timelines as request volumes continue to rise.

In many cases, delays are not caused by a lack of resources, but by inefficiencies across the workflow — from data collection and classification to redaction and final review.

In this blog, we’ll break down why DSAR volumes are increasing, what it means for compliance teams, and how organisations can adapt to manage growing demand effectively

DSAR volumes are not rising gradually.

They are accelerating.

For many organisations, what was once a manageable compliance task has now become a continuous operational challenge. Teams that handled a few requests a month are now dealing with dozens, sometimes hundreds.

This shift is not temporary. It reflects a deeper change in how individuals understand and exercise their data rights.

Why are DSAR volumes increasing?

DSAR volumes are increasing due to higher consumer awareness, stricter data protection regulations, rapid growth in digital data, and the emergence of AI tools that make submitting requests easier and faster.

What is driving the increase in DSAR requests?

Several factors are contributing to this rise, and they are reinforcing each other.

Greater awareness of data rights
Individuals are far more aware of their rights under GDPR and similar laws. High-profile data breaches, regulatory actions, and media coverage have made DSARs more visible and accessible.

Stronger regulatory frameworks
GDPR enforcement continues to mature, while new regulations such as CPRA and other US state laws are expanding similar rights. As enforcement increases, so does usage.

Growth in digital data
Organisations now store significantly more personal data across emails, cloud systems, CRMs, and internal platforms. The more data exists, the more there is to request.

AI-generated requests
AI tools are lowering the barrier to entry. Individuals can now generate detailed, wide-ranging DSARs in seconds, often requesting broader datasets than before.

Legal and regulatory pressure
Litigation trends and regulatory campaigns are encouraging individuals to exercise their rights more frequently, particularly in regulated sectors like finance and healthcare.

How fast are DSAR volumes growing?

Recent data shows a sharp increase in DSAR activity across jurisdictions.

  • CCPA-related requests have grown significantly in recent years, with some platforms reporting over 200% growth between 2021 and 2024
  • GDPR-related DSARs have also seen sustained increases, with triple-digit growth reported across multiple studies
  • In some organisations, DSAR volumes have reached hundreds or even thousands of requests per month

This growth is not linear. It spikes during:

  • data breaches
  • regulatory announcements
  • coordinated campaigns

For compliance teams, this makes demand unpredictable.

What impact do rising DSAR volumes have on organisations?

Increased DSAR volumes place significant pressure on internal processes.

As volumes grow:

  • data collection becomes slower and more complex
  • classification and review workloads increase
  • response timelines become harder to manage
  • inconsistencies in handling requests become more visible

Manual processes begin to break down under scale.

Even teams that previously met deadlines start experiencing delays, backlogs, and increased operational costs.

The issue is not just workload. It is how that workload is structured.

What are the risks of not adapting to higher DSAR volumes?

Failing to adapt has both regulatory and operational consequences.

Missed deadlines
Under GDPR Article 12(3), organisations must respond within one month. Failing to meet this deadline without valid justification can lead to regulatory scrutiny.

Increased enforcement risk
Regulators expect organisations to demonstrate that they can manage DSARs effectively, even at higher volumes.

Reputational damage
Delays or incomplete responses can lead to complaints, which may escalate into public or regulatory issues.

Operational strain
Backlogs increase pressure on teams, leading to burnout, errors, and inconsistent handling of requests.

Over time, these risks compound.

Why do most DSAR processes struggle as volumes increase?

Most DSAR workflows are designed for low to moderate volumes.

As demand increases:

  • manual tracking systems fail
  • inconsistencies in classification become more frequent
  • review queues start building up
  • prioritisation becomes unclear

At this stage, many organisations assume they need more staff.

In reality, the underlying issue is that the process itself does not scale.

Higher volumes simply expose inefficiencies that were already present.

How are organisations adapting to rising DSAR volumes?

Organisations that are managing DSAR volumes effectively are not relying on more resources. They are improving how their processes work.

Centralised intake systems
Instead of handling requests across multiple channels, organisations are consolidating intake into a single, trackable system.

Early-stage triage
Requests are assessed early based on complexity, volume, and sensitivity, allowing teams to prioritise effectively.

Improved data mapping
Knowing where data is stored reduces time spent searching and prevents duplication of effort.

Cross-functional alignment
Clear ownership between IT, compliance, and legal teams reduces delays between stages.

Continuous process improvement
Teams regularly review workflows, identify bottlenecks, and refine how requests are handled.

These changes do not eliminate workload, but they make it manageable.

What does this mean for compliance teams going forward?

DSAR volumes are unlikely to decrease.

If anything, they will continue to rise as:

  • more regulations are introduced
  • awareness increases further
  • AI tools become more accessible

For compliance teams, this means DSAR handling is no longer a reactive task.

It is an ongoing operational function that requires structure, consistency, and scalability.

Frequently Asked Questions

Are DSAR requests increasing globally?

Yes, DSAR volumes are increasing across regions due to stronger regulations, higher awareness, and growth in digital data.

What industries are most affected by DSAR volume increases?

Highly regulated sectors such as finance, healthcare, and technology tend to see higher volumes due to the amount of personal data they handle.

Do AI tools impact DSAR volumes?

Yes, AI tools make it easier to generate and submit DSAR requests, often increasing both the frequency and complexity of requests.

Can organisations handle higher DSAR volumes without increasing staff?

Yes, by improving workflows, structuring processes, and reducing inefficiencies, organisations can manage higher volumes without significantly increasing headcount.

Final Thought

Rising DSAR volumes are not just a compliance challenge.

They are an operational one.

Organisations that treat DSAR handling as a structured, scalable process will be better positioned to manage demand, maintain compliance, and avoid the risks that come with falling behind.