Data subject access requests (DSARs): 2023 EY Law survey
EY Law teams surveyed more than 500 professionals across financial services to understand how they handled DSARs in FY21-22.
The EY Law DSAR report highlights the growing challenge faced by organizations in responding to DSARs, which have become more frequent and complex since the General Data Protection Regulation (GDPR) was enforced in 2018.
The report provides valuable insights into how organizations are handling DSARs and highlights the following key findings:
- 60% of respondents reported an increase in DSARs over the past year.
- 51% had received complaints from data subjects about DSARs.
- Claims management companies (CMCs) make an increasing number of submissions on behalf of data subjects and are a growing source of concern for DPOs.
- 33% of respondents had received “bulk” DSARs.
- 88% handle DSARs in-house, mostly through dedicated data protection teams, but often splitting the work between HR, legal, IT, and compliance.
DSARs can be a significant drain on resources for organizations and can potentially expose policy, procedural, and management failings.