In the evolving landscape of data protection, privacy professionals consistently identify Data Subject Access Requests (DSARs) as one of the most challenging compliance obligations they encounter. While DSARs are intended to empower individuals with greater control over their personal information, the practical reality reveals that these requests have become one of the most operationally demanding aspects of privacy compliance, creating challenges for both organisations and the data subjects who submit them.(1) The proliferation of DSARs in Ireland can be used for illustrative purposes. Since 2018, Ireland’s Data Protection Commission (DPC) has received over 70,000 DSAR cases, with around 15% pertaining to employment-related matters.