Talk to Sales Client Portal
Talk to Sales Client Portal

Struggling with Subject Access Requests?

Home / Resources / Library / Subject Access Request Nightmare Document Management

  • 07 | 11 | 2025

The Subject Access Request Nightmare Why Document Management Chaos Costs You

Let’s be honest until you’ve dealt with your first proper Subject Access Request (SAR), you don’t really get why people bang on about electronic document and records management systems.

Then one lands on your desk. And suddenly you’re three days in, you’ve got a spreadsheet with 47 different file locations, someone’s on holiday who’s the only person who knows where the 2019 HR files are stored, and you’re starting to have stress dreams about the ICO. Fun times.

Why Subject Access Requests are always more complicated than they should be

The thing about SARs is they sound simple on paper. Someone exercises their GDPR rights and wants to know what personal data you hold about them. You’ve got 30 days. Just find it, redact the sensitive bits, send it off. Done.

Except it’s never that straightforward with records management, is it? Because that person’s data isn’t sitting in one neat folder labelled “John Smith – All His Stuff.” It’s in emails from 2018. It’s in that procurement document where he was CC’d. It’s in meeting notes stored in someone’s personal SharePoint folder that technically shouldn’t exist but does because Karen from Finance needed somewhere to keep her team’s files and this was easier than going through IT.

And don’t even get started on redactions. You finally think you’ve found everything, then you realise half the documents mention other people too, so now you’re redacting more than you’re revealing, and you’re second-guessing whether you’ve achieved GDPR compliance or opened yourself up to more risk.

Find out how we can help

The real cost of poor document management isn't just time

When you’re manually hunting through systems for SAR responses, you’re not just wasting time though there’s plenty of that. You’re also creating serious compliance risk.

Miss a document because it was filed wrong in your document management system. That’s an incomplete SAR response and a potential ICO complaint. Include something you shouldn’t? You’ve just breached someone else’s privacy rights under GDPR. Sent the wrong version with un-redacted personal data? Even worse.

We’ve  seen organisations spend days on a single Subject Access Request, pulling in multiple team members, disrupting normal work, all because their digital documents are scattered across various systems with no proper indexing or classification. And then the next SAR comes in and they do it all over again.

How long did your last SAR take? If the answer made you wince, let’s have a chat about why that doesn’t have to be normal.

Lets chat

Data subject requests are only getting more frequent

Here’s the kicker SARs aren’t a one-off problem for records management teams. If anything, people are becoming more aware of their data protection rights under GDPR, which means you’re likely to see more Subject Access Requests, not fewer. And the ICO isn’t getting more lenient about response times or accuracy.

Some organisations I’ve spoken to are now getting five, ten, sometimes twenty SARs a quarter. If each one takes a week of frantic searching and compiling, that’s basically someone’s entire job just keeping up with data subject requests. That’s not sustainable.

The organisations coping best aren’t the ones with huge teams or unlimited time. They’re the ones who’ve sorted out their document management properly so that handling a SAR is just… a task. Not a crisis. Not a “drop everything and all hands-on deck” situation. Just something you can handle within your normal workload.

Now's the time to act Your EDRMS either saves you or kills you when SARs arrive

This is genuinely where having a decent electronic document and records management system stops being a “nice to have” and becomes the difference between meeting your 30-day deadline and sending a grovelling extension request.

Organisations with proper EDRMS solutions who can run a search, pull everything up, and have a SAR response package ready in a few days. And organisations where it takes two weeks just to find everything, never mind review it for GDPR compliance. Guess which ones sleep better at night?

The reality is, if your digital documents aren’t properly organised from the moment they’re created, you’re building yourself a future headache. Every email attachment that doesn’t get filed properly, every document that gets saved with a vague name in the wrong folder it all comes back to bite you when Subject Access Request o’clock rolls around.

Sound familiar? See how organisations like yours have gone from SAR chaos to calm with proper document management.

Learn more

Related case studies

View all insights
  • 02 | 12 | 2025

How to prepare for the NSTA’s January 2026 well data deadline

Read How to prepare for the NSTA’s January 2026 well data deadline now
  • 25 | 11 | 2025

The pressure’s on to improve KIM – but what’s the answer for housing associations?

Read The pressure’s on to improve KIM – but what’s the answer for housing associations? now

Solutions to suit all industries and sectors

Client Portal