DSARs in EMEA Aren't Slowing Down – Can Your Technology Keep Pace?

Across the UK and the EU, Data Subject Access Requests (DSARs) are no longer an occasional compliance exercise. For many organisations, they have become a persistent operational challenge that sits at the intersection of privacy, legal, HR, and compliance.

Driven by GDPR and UK GDPR obligations, DSAR volumes continue to rise across the region. Regulators have reinforced that individuals have a clear right to access their personal data, and organisations must respond within strict timelines – typically one month. Missing those deadlines can expose organisations to regulatory scrutiny, reputational risk, and potential penalties.

Importantly, DSAR compliance is not limited to European organisations. Any company anywhere in the world that processes data relating to EU or UK residents may be subject to these requirements.

At the same time, DSARs are increasingly being used strategically. In employment disputes, workplace investigations, and customer complaints, individuals and their advisers often submit DSARs as a way to surface internal communications and documentation that may support their position before proceedings officially begin.

Economic conditions can also contribute to spikes in requests. During periods of organisational change – such as restructures, layoffs, or internal disputes – DSAR volumes frequently increase as individuals seek transparency around decisions that affect them.

As a result, DSAR management is moving higher up the executive agenda. What was once viewed as a narrow privacy compliance function is increasingly recognised as an operational issue with significant cost, risk, and resource implications.

The question many organisations are now facing is not whether DSARs will continue to increase – it’s whether their technology and workflows can keep pace.

The Modern Data Problem: It’s Not Just Email Anymore

Part of the challenge stems from how dramatically corporate data has evolved.

Historically, responding to a DSAR might have involved searching email archives and shared document repositories. Today, personal data exists across a far broader and more fragmented ecosystem.

Collaboration platforms such as Microsoft Teams and Slack generate enormous volumes of conversational data. Customer service platforms like Jira and Zendesk hold detailed records of interactions, often containing sensitive personal information.

Meanwhile, modern working patterns introduce additional layers of complexity:

Mobile messaging applications such as WhatsApp or Signal
Bring Your Own Device (BYOD) environments, where work communications occur outside traditional systems
Voice recordings and voice notes
Video content, including CCTV footage and recorded meetings
Scanned documents and handwritten notes

Each of these data types presents unique challenges for identification, review, and redaction.

The issue is not simply the volume of data, but the variety of formats and platforms where personal information may reside. Organisations must be able to locate relevant data across multiple systems while ensuring their process remains defensible if questioned by regulators.

Technologies such as Relativity Short Message Format (RSMF) help standardise modern chat and messaging data – allowing platforms like Teams, Slack, and WhatsApp to be reviewed in a structured way alongside traditional document types.

But technology alone is not the answer. The effectiveness of a DSAR response ultimately depends on the workflow surrounding that technology.

Why Traditional DSAR Approaches Are Breaking Down

Many organisations still rely on DSAR processes built for a far simpler data environment.

These approaches typically involve manual collection, manual review, and manual redaction, often supported by large review teams working through documents line by line. While this model may have worked when DSARs were smaller and less frequent, it is increasingly unsustainable in today’s data landscape.

Common challenges include:

Technology limitations. Legacy tools often struggle to handle modern communication formats, multimedia files, or the scale of data generated by collaboration platforms.
Manual-first workflows. Heavy reliance on human reviewers to identify and redact personal data can slow response times dramatically.
Escalating outsourcing costs. Organisations frequently report large DSAR costs when external review teams are required, this can often be in the tens of thousands, with reports that some organisations face costs of up to £336,000 each year.
Operational strain. Privacy and legal teams often find themselves overwhelmed by the increasing frequency of requests.
Inconsistent redactions. Manual processes can introduce variability across review teams, increasing risk.
Deadline pressure. Strict one-month response windows leave little room for inefficient workflows.

Together, these factors are forcing organisations to rethink whether traditional DSAR processes are fit for purpose in a world of modern data.

Insights from the 5 in 5 Discussion: Speed, Scale, and Smarter Workflows

These challenges were explored in Episode 11 of the 5 in 5 series, where Clare Longworth of Relativity and myself, Mark Anderson of CDS, discussed how organisations across EMEA are adapting their DSAR strategies.

One key theme from our discussion is that DSAR programmes are no longer occasional projects – they are becoming operational processes that must scale across the enterprise.

Three key trends emerged from the conversation:

Growing Awareness of Data Rights

Individuals are becoming increasingly aware of their privacy rights and are more willing to exercise them. This heightened awareness is contributing to a steady rise in DSAR volumes across many industries.

For organisations, this means DSAR management must evolve from an ad-hoc response into a repeatable and scalable process.

Expanding Data Complexity

The speakers also emphasised the growing challenge of managing diverse and distributed data sources. Collaboration tools, messaging platforms, and multimedia data have dramatically expanded the universe of information that may fall within the scope of a DSAR.

Bringing these sources together into a unified review environment is critical for maintaining both efficiency and defensibility.

Speed Without Sacrificing Defensibility

Perhaps the most significant challenge is balancing speed with accuracy.

Organisations must meet strict regulatory deadlines while ensuring that personal data is identified, reviewed, and redacted appropriately. This requires processes that are not only fast, but also transparent and defensible.

Automation and AI are increasingly helping organisations strike that balance by narrowing datasets early and directing human expertise where it matters most.

AI-Driven, Scalable DSAR Workflows

To address rising DSAR complexity, many organisations are adopting technology-assisted workflows that combine automation with expert oversight.

Platforms such as RelativityOne enable organisations to build scalable DSAR processes that reduce manual effort while maintaining transparency.

Key capabilities include:

AI-assisted review. Tools like aiR for Review can analyse large datasets quickly while providing explainability and citations that support defensible decision-making.
Data reduction through analytics. Analytics tools help remove irrelevant data early, dramatically reducing the volume requiring human review.
Automated deduplication. Duplicate documents can be automatically removed to prevent unnecessary work.
Advanced redaction workflows. Solutions such as Relativity Redact allow rule-based and RegEx-driven redactions alongside generative AI for identifying personal data.
AI-enabled OCR. Handwritten notes and poor-quality scans can be converted into searchable text.
Audio and video transcription. Recorded calls, voice notes, and CCTV footage can be converted into text for faster review.

Together, these technologies allow organisations to move from manual DSAR responses to structured, repeatable workflows capable of handling large datasets.

Where Implementation Matters: CDS in EMEA

Technology alone does not solve DSAR challenges. Successful programmes also require expert implementation and operational experience.

Complete Discovery Source (CDS), a long-standing Relativity partner, supports organisations across EMEA – particularly in the UK and EU – by building DSAR workflows that combine automation with expert oversight.

Through AI-enabled end-to-end workflows, CDS helps organisations manage the full DSAR lifecycle, including:

Data collection
Processing and analysis
Review and redaction
Final production

These workflows combine automation with managed review and quality control, helping ensure both efficiency and defensibility.

An example of real-world outcomes highlights the potential impact:

£73,000 in cost savings on a single DSAR response
Completion of DSAR review within seven days, well inside regulatory deadlines
Nine million redactions completed overnight through automated workflows

As DSAR volumes continue to grow, the combination of technology, workflow design, and expert oversight is becoming increasingly important.

The New Standard for DSARs in EMEA

One thing is becoming increasingly clear: DSAR demand is unlikely to decline.

If anything, organisations should expect both the number and size of requests to continue increasing, driven by regulatory expectations, rising awareness of privacy rights, and the expanding volume of digital communications.

As a result, AI-enabled workflows are rapidly becoming foundational infrastructure for organisations that need to meet regulatory deadlines while controlling operational costs.

The most effective DSAR programmes are built on a simple principle: defensible automation combined with expert oversight.

This approach allows organisations to scale their response capabilities without scaling costs – ensuring DSAR compliance remains sustainable as requests continue to grow.

Continuing the Conversation

To learn more about modern DSAR workflows, connect with Relativity and Complete Discovery Source, and watch Episode 11 of the 5 in 5 series: “DSARs in EMEA — Speed, Scale & Smarter Workflows.”

The discussion explores how organisations are addressing rising DSAR volumes, managing complex modern data, and implementing smarter workflows to stay compliant without overwhelming their teams.

Graphics for this article were created by Caroline Patterson.

Lateral Thinking for LDI Minds: Solving Problems Creatively

Linear reasoning is crucial. But when you're staring down a stubborn workflow issue, a team bottleneck, or mounting external pressure, sometimes the breakthrough is hiding in a question you haven't asked yet.

As Managing Director, EMEA, at CDS, Mark Anderson provides expert consulting through all stages of the EDRM. He has worked on some of the largest, most complex international disputes and investigations, and brings deep experience supervising multinational teams, navigating complex cross-border issues, and applying technology assisted review (TAR).