The hidden costs of data subject access requests (DSARs) on privacy
As data privacy laws evolve and the demand for transparency grows, privacy offices are increasingly burdened with the rising cost of processing Data Subject Access Requests (DSARs). In fact, a 2024 survey indicated a staggering 246% increase in DSARs over the past two years. And they’re costing companies big time – to the tune of $1.5k per request. For offices that handle these privacy requests manually, the costs are incremental. What began as a regulatory obligation to grant individuals access to their personal data has ballooned into a costly and resource-draining task for privacy teams.
From labor-intensive manual reviews to the complexity of identifying, retrieving, and securely delivering data, DSARs require significant investments in both technology and personnel. The challenge lies not only in complying with these legal requirements but also in maintaining the balance between operational efficiency and safeguarding the personal data they are entrusted with.
But what actually is a DSAR – and why are they causing such a stir? Let’s dive in.
Commercial Manager of Data Privacy at Syrenis.
Why should businesses care about rising DSARs, anyway?
A DSAR is a legal right granted to individuals under data privacy regulations – such as the GDPR in the EU or CCPA in California – that allows them to request access to their personal data held by an organization. Essentially, it’s a way for people to understand what data is being collected about them, how it’s being used, and to ensure their privacy rights are respected.
When someone submits a DSAR, an organization must provide a comprehensive report on all the data they hold on that individual. This could include everything from personal details to browsing history, transaction records, or even interactions with customer service.
For privacy teams (especially those that process these requests manually) DSARs can become a complex and resource-intensive process. The challenge is not just in identifying and retrieving the right data, but also ensuring it’s done securely, within the required timeframes, and in compliance with the law – which becomes more and more challenging as new regulations appear across the globe.
In some jurisdictions like Chile, with few legacy protections, new laws are created to provide for additional individual rights. Meanwhile, the United States continues multiplying the number of data subjects with DSAR rights and adding to the list of available rights. Still other authorities have increased enforcement of existing laws, including on topics related to DSAR handling.
Public awareness is also a driving force behind this trend. With data breaches on the rise (up 78% in 2023 alone) consumers are more informed about the risks their personal data faces. Increasing media attention, stricter breach notification laws, and high-profile enforcement actions are making consumers more cautious and proactive.
Compliance isn’t just ethical, it’s economical
Meeting DSAR requirements can set your business apart by reinforcing your reputation as an ethical, customer-centric organization. Customers are more likely to trust companies that take their privacy seriously. Being proactive in addressing DSARs and offering users easy access to their data builds credibility and strengthens brand loyalty. What’s more, businesses that excel in DSAR compliance not only minimize the risk of fines and legal penalties, but they also foster a culture of transparency that can lead to higher customer satisfaction and retention rates.
To turn DSAR compliance into a strategic advantage, here are three actionable tips businesses can implement to safeguard customer data and stay ahead of the competition:
Adopt Data Minimization and Secure Storage Practices: One of the best ways to reduce the burden of responding to DSARs is to minimize the amount of personal data collected in the first place. By adopting data minimization principles (that is, only collecting the data that’s necessary and for the minimum amount of time) businesses limit the scope of DSARs and reduce the risks associated with data breaches. Additionally, secure storage practices, such as encrypting sensitive data and using access controls, can help prevent unauthorized access while DSARs are being processed.
Create Clear, User-Friendly DSAR Processes: Make it as easy as possible for customers to submit DSARs by offering easy-to-read instructions and multiple channels for requests. Whether it’s through an online portal, customer service team, or dedicated privacy email address, ensuring that the process is simple and transparent encourages individuals to take advantage of their rights. Timely and clear responses, coupled with transparency about how their data is being used, can further cement your organization as a trusted entity in the eyes of your customers.
Implement Automated Data Mapping and Retrieval Systems: Manually processing DSARs can be inefficient, error prone, and difficult to scale. By investing in automated tools that help map out where personal data resides within an organization, businesses can dramatically speed up the process of retrieving that data when a request is made. Not only does this streamline compliance, but it also helps ensure that the data you provide is complete and accurate — critical for building trust.
By embracing DSAR compliance not just as a regulatory requirement but as a business opportunity, companies can position themselves as leaders in privacy and data ethics. Because the reality is: the organizations that are ethical, responsible and accountable for their customers’ personal information are the organizations who are likely to differentiate their brand from the competition.
We’ve compiled a list of the best data loss prevention services.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
As data privacy laws evolve and the demand for transparency grows, privacy offices are increasingly burdened with the rising cost of processing Data Subject Access Requests (DSARs). In fact, a 2024 survey indicated a staggering 246% increase in DSARs over the past two years. And they’re costing companies big time…
