DSAR Compliance Is Evolving: Why California’s Enforcement Action Is a Wake-Up Call for UK Businesses

A U.S. enforcement case is sending shockwaves across the UK. The CPPA’s action against poor DSAR handling is a warning for global businesses. This blog explores what UK organisations can learn from it—and why manual DSAR processes are no longer fit for purpose under growing regulatory pressure.

Why Automating DSARs Is Now a Business Imperative

Manual DSAR processing is no longer sustainable. As global privacy laws expand and requests surge, organisations must move beyond spreadsheets and email threads. This blog explores why automation is now essential for scalable, compliant, and audit-ready DSAR handling.

Inside a DSAR: What Really Happens When Someone Submits a Request

When someone submits a Data Subject Access Request (DSAR), what actually happens inside an organization? This blog takes you inside the full DSAR process — from intake to identity verification, data discovery, redaction, and secure delivery. We break down key compliance steps, common challenges, and best practices for responding quickly and accurately. Learn how automation can simplify DSAR management, reduce risk, and help your organization build trust in today’s privacy-first world.

Legal Privilege and Data Subject Access Requests: Clearing Up the Expiry Myth

Many UK organisations mistakenly believe that legal professional privilege (LPP) ends once a legal case concludes. In reality, LPP continues to apply under the UK GDPR and the Data Protection Act 2018. This blog unpacks that misconception and explains how LPP remains a critical exemption in handling Subject Access Requests (SARs)—even after a case is closed.

Manual vs. Automated DSARs: A Smarter Way to Stay Compliant

ill handling DSARs manually? You could be risking delays, errors, and compliance gaps. This article breaks down the key differences between manual and automated DSAR handling—and shows how AI tools like DSAR.ai can boost accuracy, speed, and trust without increasing your team’s workload.

Mastering DSAR Compliance in 2025: How to Build Trust and Stay Ahead

n 2025, DSAR compliance is no longer just a legal checkbox—it’s a strategic imperative. This guide explores how organizations can transform their DSAR processes into a trust-building advantage by embracing automation, proactive data governance, and customer transparency. Discover how tools like DSAR.ai help you stay compliant, efficient, and ahead of the curve in an evolving privacy landscape
Professional reviewing GDPR Subject Access Requests (DSARs) on a laptop, surrounded by compliance documents and GDPR icons, highlighting data privacy and regulatory responsibilities.

From Compliance To Confidence: Leveraging The DSAR.ai Platform

Handling Data Subject Access Requests (DSARs) in today’s privacy-first world is complex—but it doesn’t have to be chaotic. Discover how tools like dsar.ai help professionals automate DSAR workflows, ensure GDPR compliance, and turn a high-risk process into a streamlined, future-ready strategy.
ICO SAR Test

ICO SAR Guidance Summary

The ICO has observed a significant rise in complaints concerning Data Subject Access Requests (DSARs). Between April 2022 and March 2023, the ICO received 15,848 complaints, highlighting ongoing challenges with compliance. In response, the ICO has taken enforcement action, such as reprimanding organisations for failing to meet DSAR deadlines. For instance, Norfolk County Council was reprimanded in May 2023 after responding on time to only 51% of DSARs between April 2021 and April 2022.
Information from a DSAR request

When Can You Withhold Information from a DSAR Request?

Under UK GDPR, organisations can withhold information from a Data Subject Access Request (DSAR) under specific circumstances. These exemptions must be applied carefully and justified on a case-by-case basis. Reasons include protecting third-party data, legal privilege, or manifestly excessive requests. Understanding and applying these exemptions correctly is vital for ensuring compliance while safeguarding sensitive information.
Navigating Special Cases in Personal Data for DSARs

Navigating Special Cases in Personal Data for DSARs

Special categories of personal data—such as unstructured manual records, health, educational, and social work data—come with specific challenges when responding to Data Subject Access Requests (DSARs). UK businesses and public authorities must be aware of the unique compliance requirements for each category, particularly regarding cost limitations, search obligations, and exemptions, to avoid falling short of GDPR standards.