Data Subject Access Requests (DSARs) are designed to protect individual rights and promote transparency. When used as intended, they’re an important mechanism for building trust between organisations and the people within them.
However, increasingly, DSARs are being deployed tactically during grievances, disciplinary action, or performance management processes – not to access information, but to exert pressure, delay proceedings, or influence outcomes. The UK regulator has given examples of requests made with the intent to harass, cause disruption, or target specific employees, and there has been increasing discussion in legal and employment fields about this apparent trend and the impact it can have, particularly on smaller organisations.
If poorly managed, DSARs can expose organisations to regulatory, procedural, and reputational risks. If met with emotion or defensiveness, they can intensify conflict. Yet if they are ignored or dismissed, they risk undermining confidence in the very rights they are meant to uphold.
In this context, DSARs require a consistent, measured, and disciplined response. The priority is not the interpretation of intent, but the consistency of the process. Clear governance, proportionate scoping, and calm procedural handling ensure that individual rights are respected without creating space for misuse to distort decision-making.
This is not about second-guessing motivation. It’s about the maturity of organisational response under pressure.
Organisations that respond consistently, transparently, and defensibly strengthen confidence in their systems, even in challenging circumstances.
A more difficult but necessary reflection for leadership is this: When pressure was applied, did we stay anchored in fairness and process, or did the situation influence how we applied those standards? If there were weaknesses, what can we learn from that and, critically, what improvements can we make to ensure we do better next time?
Rights matter. So does the integrity with which they are upheld.
