ADPO Event: Revisiting DSARs (from AI-drafted requests to Digital Omnibus nuances)

2–3 minutes

A free ADPO webinar | 14 July 2026 | 12:00 noon | 45 minutes

The committee and members of the Association of Data Protection Officers invite privacy practitioners, professionals, and curious parties to a review and debate on one of the thorniest issues in modern privacy practice: the “difficult” Data Subject Access Request.

Why now?

Access requests are the single biggest source of data protection complaints in Ireland. According to the DPC’s most recent Annual Report, requests by data subjects for access to their personal data account for the largest share of national complaints at 34%, with 914 new access-related complaints received in 2024 alone. The DPC notes that failure to reply within the required timeframe, coupled with the application of redactions or exemptions, generates the basis for many of these complaints. In March 2025, the DPC published dedicated guidance on handling SARs, specifically addressing the application of Article 15 where third-party personal data is contained in documents falling within scope: a clear signal of where the regulator sees organisations struggling.

The picture is similar across Europe, with an additional driver: AI. AI-generated requests now routinely go far beyond a simple “what do you hold about me?”, purporting to seek every conceivable data type across every conceivable system and demanding granular explanations of any redactions or exclusions. Berlin’s data protection authority reported nearly 50% more complaints in 2025 than 2024 and identified AI as the primary driver, noting that the legal assessments on which AI-generated claims rely are often incomplete or simply wrong.

Employee requests add a further layer. One recent industry analysis found that two-thirds of DSARs come from employees, typically during workplace disputes, and that these tend to be more complex because employee data is dispersed and intermingled with business operations.

Meanwhile, the regulatory ground itself is moving. The European Commission’s Digital Omnibus proposal would expand and codify the circumstances in which controllers may treat access requests as excessive or abusive, including requests pursued for purposes unrelated to data protection, with the explanatory materials expressly referencing the use of DSARs as a back-door for litigation discovery. The proposals face vocal criticism, with an open letter from 127 civil society organisations warning the GDPR risks being hollowed out under the guise of simplification. Where the line will sit between legitimate access rights and abusive requests is one of the live debates of 2026, and this webinar will tackle it head-on.

What we will cover:

  • The legislative framework and key supporting documentation
  • DSAR statistics and instructive case studies
  • Best practice for complex DSARs, including practical redaction techniques
  • Employee DSARs and their particular challenges
  • The Digital Omnibus proposals and what they mean for access rights
  • CJEU guidance on the grounds for DSAR refusal
  • AI in DSARs: both as a driver of complexity and a tool for response

Event details

This event will be held live online at 12 noon on 14th July 2026.

Register Here..

,

More ICS News

Read more ICS News

Become a Member
ADPO News
HISI News
IASA News
itSMF News
Irish Digital Skills & Jobs Coalition News
EU Tech Policy News
AI Policy News

Discover more from Irish Computer Society

Subscribe now to keep reading and get access to the full archive.

Continue reading