Is Agentic AI a Potential Game-Changer for HR Teams processing DSARs?

Handling Data Subject Access Requests (DSARs) has traditionally been a labour-intensive task for HR teams and Data Protection Officers (DPOs). Under GDPR, organizations must fulfill a DSAR within one calendar month, which in practice is about 20–22 working days natlawreview.com – a tight timeline when employee data is scattered across emails, HR systems, chat logs, slack and Teams apps and more. In the past few years, DSAR volumes have surged worldwide, reflecting growing awareness of data rights. One report noted a 246% increase in privacy requests from 2021 to 2023, and estimated that manually processing DSARs costs about $800,000 per million records datagrail.io. Closer to home, an EY Law survey found 60% of employers saw DSARs increase in the last year, spurred by regulatory campaigns to raise awareness natlawreview.com. In short, DSARs are becoming more frequent and complex, putting a strain on HR and privacy teams.

This article explores how the rise of agentic AI – autonomous, goal-driven AI agents – and advanced general AI like large language models (LLMs) might be poised to transform DSAR handling. We’ll look at the current DSAR landscape in HR, the potential for AI to streamline (or disrupt) the process, the privacy risks and challenges these technologies introduce, and three practical scenarios illustrating the future of DSAR workflows. Throughout, we’ll draw on insights from the EDPB-supported report “AI Privacy Risks & Mitigations – Large Language Models (LLMs)” (March 2025), which provides a structured framework for assessing AI privacy risks and mitigation strategies.

Current Landscape of DSARs in HR

For HR professionals, DSARs are a double-edged sword: they are a fundamental employee right under GDPR (and similar laws), but fulfilling them is arduous and time-consuming. A typical DSAR might read like;

This seemingly simple request can unleash a massive hunt for information. Employee data is spread across numerous sources – HR databases, payroll systems, recruitment portals, emails, Slack or Teams chats, performance review files, voice recordings and even CCTV footage or building entry logs in some cases. The diversity of data formats adds to the challenge: some records are structured (rows in a database), while others are unstructured text (email threads, PDFs, images). An EY survey report noted that many DSARs end up being broad requests for “all personal data” on an employee, often spanning many years of records stored in many places natlawreview.com. HR teams are trying hard to coordinate with IT, legal, and department managers to locate and retrieve this information.

Several factors make DSAR fulfillment burdensome today:

• Volume and Growth of Requests: Privacy awareness is rising among employees. Over half of employers report DSAR volumes are increasing year-on-year natlawreview.com. Employees may file DSARs for various reasons – from genuine curiosity about their data, to preparing for legal action or disputes. Regardless of motive, each request demands comprehensive handling. As noted, DSAR volumes globally have exploded (e.g., a 246% jump in two years datagrail.io), and HR departments feel that pressure.

  
  

• Tight Deadlines: GDPR mandates a response within one month (with a possible extension for complex cases). In practice, that’s roughly 4 weeks or 22 working days natlawreview.com. Considering the breadth of data to collect and review, this is a race against time. Even well-prepared organizations struggle if multiple DSARs hit at once or if data is highly unstructured. One UK report cited over 15,000 subject access complaints in a year – often stemming from organizations failing to respond on time. Missing the deadline can mean regulatory penalties and eroded employee trust.

  
  

• Manual, Cross-Functional Work: Fulfilling a DSAR isn’t just an HR task; it requires a coordinated search and review. IT may need to run queries across systems, managers might need to retrieve departmental records, legal advisors may need to review documents for sensitive content or exemptions. Typically, HR or privacy staff have to manually sift through emails and files, then copy or export all personal data related to the requester. Redaction is another manual step – e.g. removing other individuals’ personal data from email threads or documents before releasing them. Without robust tools or processes, this becomes an all-hands effort that “goes above and beyond normal day-to-day work”.

  
  

• Variety of Data and Systems: Employee data can hide in unexpected places. Obvious sources include HRIS (Human Resources Information System), payroll, benefits platforms, and corporate email. But consider less obvious sources: messages in corporate chat apps, shared drive documents mentioning the person, badge swipe records, CRM notes if the person interacted with sales, etc. As one legal article put it, “personal information…will be found in a variety of places,” and even archived emails or backups might fall within scope natlawreview.comnatlawreview.com. This sprawling data footprint means the DSAR team must be extremely thorough, often using multiple search tools. Incomplete responses are a risk if any system is overlooked.

  
  

The net result is that handling DSARs today is costly and draining. One industry analysis estimated that, for enterprises, manually handling DSARs can cost $1-1.5 million per year in staff time and overhead (around $800K per million data subjects) datagrail.io. Our own research would indicate that the average cost of a DSAR for UK organisations is around £4,800 per SAR (Guardum DPO survey 2023).It’s no wonder that organizations are seeking relief through automation and smarter tools. But can AI step into this process effectively? And what new challenges come along if it does? Let’s explore how agentic AI and LLMs might reshape DSAR fulfillment.

AI’s Influence on DSAR Fulfillment

Artificial Intelligence, especially “agentic” AI and large language models, promises to revolutionize how DSARs are handled. Agentic AI refers to AI systems (or “AI agents”) that have a level of autonomy – they can understand goals, make decisions, and execute tasks with minimal human guidance.

According to a recent Deloitte analysis, by 2027 half of companies using generative AI are expected to have pilot projects for agentic AI systems. These AI agents are envisioned as intelligent assistants that autonomously manage complex tasks, exactly the kind of heavy-lifting a DSAR entails. Instead of an HR coordinator manually searching through databases and inboxes, one could imagine an AI agent doing it: logging into systems, retrieving relevant files, and compiling a report.

Here are a few ways AI (particularly LLM-driven agents) could streamline the DSAR process:

• Data Discovery and Collection: An AI agent can be authorized to connect with various enterprise systems (with proper access control) and perform federated searches. For example, given an employee’s name or ID, the agent could query the HR database, scan email archives for that name, pull chat transcripts mentioning them, and so on. Modern LLMs have strong natural language search capabilities – they can understand queries like “find all documents where Jane Doe is the subject” and might outperform manual keyword searches by humans. This could dramatically speed up data gathering, turning days of effort into minutes. Agentic AI can also perform iterative searches: if initial results show references to a project code, the agent might then search that code in other systems to ensure nothing is missed (mimicking how a thorough investigator might operate).

  
  

• Classification and Deduplication: DSAR responses often involve hundreds of files, many of which may be redundant or not actually personal data. AI can help classify which pieces of information are truly “personal data” related to the requester. For instance, an AI model could flag that a certain email thread contains the requester’s personal data vs. another thread where they are merely CC’d with no personal info. Additionally, AI can identify duplicates (e.g. the same HR record stored in two places) so that the response can be streamlined. This reduces volume and focuses the human reviewer’s attention on what matters.

  
  

• Summarization and Reporting: One intriguing possibility is using LLMs to summarize large troves of data for the data subject. Currently, many DSAR responses involve delivering raw data exports (which can be overwhelming for the requester to navigate). An AI could create a human-friendly summary:

• Such summaries would need careful verification, but could make the DSAR output more understandable. They might also help identify where redactions are needed by highlighting sensitive content.

  
  

• Redaction and Anonymization: Tools augmented by AI especially around non-conforming patterns (as in our case at Contextul) can potentially greatly enhance the search and discovery of commercially sensitive information that is traditionally hard for computers to make sense of and find. This is similar to how e-discovery tools use AI to redact privileged information in legal cases.

  
  

• Workflow Orchestration: An agentic AI system might do more than just data processing – it could manage the DSAR workflow. Envision an AI that, upon receiving a DSAR, autonomously “plans” the steps: verify the requester’s identity (perhaps by sending an automated ID check), send notifications to data owners (e.g. department heads) to gather any offline records, compile all digital records, then even draft the response letter. Such an agent would perform multi-step reasoning and tool use – hallmarks of agentic. A well-designed agent could ensure no step is forgotten (something humans are prone to in complex processes).

  
  

Given these capabilities, it’s easy to get excited about AI disrupting the old, manual DSAR process for the better. Early case studies from vendors show DSAR response times dropping from weeks to hours after adopting AI-powered discovery tools. Automating the grunt work allows human experts (DPOs, legal, HR champions) to focus on oversight and the tricky judgment calls, rather than spending their time on inbox searches and PDF exports.

However, AI is not a panacea, and introducing it into DSAR workflows brings new concerns:

• Risk of Misclassification: AI isn’t foolproof in distinguishing personal data from similar-looking non-personal data. For instance, an AI might erroneously label a piece of data as “not personal” and exclude it, leading to an incomplete DSAR response and potential compliance violation. Conversely, it might include information that isn’t actually about the requester (e.g. pulling in data about someone with a similar name). Human validation is still needed to make sure the AI hasn’t overlooked or over-included anything critical. Misclassifying data could erode trust or even violate the DSAR requirements if the individual doesn’t receive all their data or gets someone else’s data by mistake.

  
  

• Inadvertent Exposure of Data: A big worry is that an AI tool, if not carefully configured, could expose sensitive data to unintended parties or systems. For example, if using a cloud-based LLM, are we sending personal data to a third-party AI provider? The EDPB report warns that if retrieval or AI processing uses external APIs or services, user queries and data might be sent to third parties and stored or tracked without the user’s knowledge or consent. In an HR context, that could mean an employee’s private info leaves the company’s secure environment via an API call – a serious data protection issue. Even within internal systems, an AI might accidentally present data to an unauthorized user. Consider an HR AI assistant that fields queries from employees, if it’s not carefully permissioned, a savvy user might trick it into revealing someone else’s personal info (a form of prompt injection or social engineering of the AI).

  
  

• Hallucinations and Inaccuracies: LLMs sometimes “hallucinate” – producing text that is fluent but false. In a DSAR scenario, a hallucination could be disastrous. Imagine an AI summarizing an employee’s data and wrongly stating,

when no such action exists, simply because the model guessed or conflated information. This not only misleads the data subject but could spark conflict or legal action based on incorrect data. As the EDPB-supported report notes, LLM-generated outputs may include inaccurate or sensitive information (hallucinations) that lead to harm or misinformation. The lack of reliability in generative AI’s outputs is a big reason DPOs remain cautious. Any AI-written content for DSARs would need rigorous fact-checking against the source data. Unlike a human, the AI doesn’t truly know truth from fiction, it might fill gaps in data with plausible-sounding text, which is unacceptable in compliance contexts.

• Loss of Transparency: GDPR emphasizes transparency and the ability to explain to individuals how their data was found and is being used. If we deploy an opaque AI system, do we know how it made its decisions? If a data subject challenges the completeness of a DSAR response, the organization must be able to demonstrate its search efforts. A black-box AI that says:

without an audit trail or logic could undermine that accountability. The report highlights that limited explainability of LLM systems can lead to reduced trust and suboptimal outputs. HR and DPOs integrating AI need to ensure the AI’s actions are traceable, e.g. logs of what queries it ran, what sources it accessed, to satisfy audit requirements and Article 15’s mandate to provide information on how data was obtained.

AI has immense potential to accelerate and augment DSAR workflows, but it also introduces new failure modes. The same power that lets an AI agent autonomously retrieve data could, if unchecked, autonomously wreak havoc (imagine an AI accidentally emailing personal data to the wrong person, or deleting records it wasn’t supposed to). Thus, AI’s influence on DSAR fulfillment will be a balancing act, harnessing efficiency while controlling risks.

The next section delves deeper into those emerging privacy risks and challenges in an AI-enhanced DSAR world.

Challenges and Privacy Risks Ahead

Looking forward, the intersection of DSARs, HR data, and AI raises critical challenges that HR leaders and DPOs must proactively address. As data volumes grow and AI tools become integrated, new privacy risks emerge, some due to the technology itself, and some due to the sheer complexity of data environments. Let’s break down a few key risk areas, many of which are highlighted in the EDPB-supported AI Privacy Risks & Mitigations report:

• Data Proliferation & DSAR Scope Creep: Organizations are collecting and storing more employee data than ever, from productivity metrics to wellness program data, not to mention the explosion of communication channels (Zoom recordings, anyone?). This proliferation means that when an employee asks for “all my data,” the task is even larger. It also raises questions: are companies effectively tracking where all personal data resides? The challenge is not just technical but organizational. If data is spread across interconnected systems, a DSAR response might require pulling from dozens of sources. Each additional integration is a potential point of delay or failure. In the age of AI, there’s a concern that if AI makes requesting data easier (for instance, if employees start using AI to generate boilerplate DSARs or even do so frequently out of curiosity), the volume could spike further. HR and privacy teams might face a near-constant stream of DSARs, stretching resources thin. Keeping response times within a month will be harder when data is fragmented across legacy systems, cloud apps, and AI archives.

  
  

• Model “Memory” and Retention Risks: When using LLMs or AI agents, consider how they handle data input and output. These models often have short-term memory (to maintain conversation context) and sometimes a form of long-term memory or caching in advanced agent systems. A significant privacy risk is unintended data retention, the AI keeps sensitive personal data in its memory or logs beyond the necessary period. The report explicitly notes that long-term storage of user data increases the risk of unauthorized access or misuse, and retaining sensitive data across interactions can violate privacy regulations.

  
  

  For example, if an HR chatbot remembers details from a DSAR inquiry and that memory isn’t wiped, another user interacting with the bot later could potentially retrieve those details. Even if that exact scenario is unlikely with proper design, storage limitation (GDPR’s principle to retain personal data only as long as needed) must be enforced in AI systems. Any AI used for DSAR should be designed to discard or anonymize data after use, and certainly not to incorporate that personal data into its training. If AI vendors log DSAR-related queries on their servers, the organization must treat that as a potential data breach vector. The bottom line:

• Model Inference and Data Leakage: Powerful AI models trained on large datasets might inadvertently regurgitate sensitive information they saw during training. This is known as a model inference or model inversion risk.

  
  

  For instance, if an AI was trained on an old backup of company emails (which it shouldn’t be, but hypothetically), it might later spit out an employee’s personal email verbatim in response to a prompt. Or more subtly, an attacker could query an AI with clever prompts to try to get it to reveal personal data it “knows.” The EDPB report flags that during an LLM’s processing, the model might infer sensitive outputs based on its training data or input. Researchers have demonstrated that it’s possible to perform membership inference attacks – essentially guessing if a certain person’s data was part of a model’s training set, or even extract pieces of original training data from models. In an HR context, this could be a nightmare: imagine someone using an AI assistant and getting it to output “hidden” data like another employee’s salary or a confidential memo. While such direct leaks require specific conditions, the risk is not zero. As AI systems become part of data processing, preventing unintended data leakage via the model is paramount. Techniques like prompt filtering, rate-limiting queries, and rigorous testing for such leakage are necessary mitigations.

  
  

• Retrieval-Augmented Generation (RAG) Risks: Many enterprise AI setups use Retrieval-Augmented Generation – essentially, the AI pulls information from a knowledge base to ground its answers (so it doesn’t rely purely on its trained knowledge). If an HR team deploys an AI agent that can search internal documents to answer questions, this is a form of RAG.

  
  

  The privacy risks here are twofold: security of the knowledge store and accuracy of retrieval. If the knowledge base includes sensitive personal data (which a DSAR knowledge base would, by definition), using RAG means that data is being accessed and possibly cached by the AI system. The report cautions that using knowledge bases with personal data “without proper safeguards” is risky. Insecure logging or caching in a RAG pipeline could expose personal data. Additionally, if the retrieval component isn’t discriminating enough, the AI might grab more data than necessary (exposing irrelevant personal info) or pull in data about a different person with similar keywords. In other words, a poorly implemented AI might include someone else’s records in John Doe’s DSAR response because it retrieved documents for “John” that actually pertained to a different John. Robust access controls and context filtering are needed to ensure the AI retrieves only the requester’s data. There’s also a third-party risk: many retrieval systems rely on external services or APIs. If those are used, data could flow to external processors. Every integration point (e.g., a vector database for documents, an API for translation) must be scrutinized for privacy compliance.

  
  

• Security and Breach Potential: With great data aggregation power comes great responsibility. An AI that can access all employee data for DSAR purposes is essentially a privileged user. If that AI agent is compromised (hacked, manipulated, or misused), it could become an insider threat – funneling out massive amounts of personal information. Traditional systems at least required multiple steps or people to get at all data; an AI agent might have the keys to the kingdom in one place. This amplifies the importance of cybersecurity around AI tools: strong authentication, limiting the AI’s actions (e.g., it shouldn’t be able to send data externally unless authorized), and monitoring its activity. The report discusses threats like unauthorized access, API misuse, and interface vulnerabilities that could lead to breaches. Also, consider output risks: if the AI presents results via a web interface, is that interface secure? Could someone else view another’s DSAR output by altering a URL or through an access control flaw? These are very real concerns as we weave AI into enterprise workflows.

  
  

• Compliance Complexities: Regulatory compliance itself becomes trickier with AI. Under GDPR, if any automated decision-making is involved in processing personal data, data subjects have rights to know the logic and to opt-out of purely automated decisions in some cases. While compiling a DSAR isn’t exactly the kind of decision GDPR Article 22 had in mind (that’s more about decisions producing legal effects), transparency obligations still apply. A data subject might rightfully ask:

DPOs will need to incorporate AI activities into their records of processing. They may also need to update privacy notices to mention that AI is used in handling DSARs, and ensure there’s an option for individuals to communicate if they want an explanation or human intervention in the process. Furthermore, different jurisdictions may introduce new rules around AI – for instance, the EU AI Act has classified some AI uses in HR as high-risk, requiring extra oversight. If an AI helps fulfill DSARs, is that part of a high-risk processing activity? Possibly, since it deals with lots of personal data and could affect rights. Interpreting overlapping regimes (GDPR, AI Act, etc.) will be part of the challenge for DPOs.

Clearly, the future landscape brings risks of data breaches, compliance pitfalls, and ethical dilemmas. But it’s not all doom-and-gloom:

By applying Privacy by Design at each stage, organizations can significantly reduce the likelihood of these privacy failures. To make it more concrete, let’s walk through a few practical scenarios that illustrate how DSAR handling might evolve with AI – the good, the bad, and the balanced.

Three Practical Scenarios

To ground the discussion, consider these three plausible scenarios combining current practices with near-future AI capabilities in DSAR handling:

Scenario 1: AI Turbocharges a DSAR Workflow

Imagine it’s 2026. ACME Corp’s HR team receives a DSAR from a former employee. Normally, this would kick off a frantic search through files, but ACME has deployed an AI DSAR Assistant. The DPO triggers the AI agent with the request details. In minutes, the agent has crawled all internal systems: it pulled the employee’s profile from Workday, gathered all emails to/from the person, exported chat logs they’re mentioned in, and listed files in their network drive. It also cross-referenced project databases to find records where the employee’s name or ID appears (for example, entries in a Jira ticketing system that mentioned them).

The AI presents the HR team with a dashboard: all discovered items are categorized (emails, HR records, etc.), with duplicates removed. There’s even a summary it generated: “Found 2,340 emails involving the subject, 120 documents, and 45 HR records. Common themes include performance evaluations, compensation, exit interview.” The HR team is amazed – work that used to take them days of coordination was done in a matter of hours.

They proceed to review the findings. The AI had flagged a few emails as containing third-party personal data (like another employee’s sensitive info) and suggested redactions, which the team quickly approves or tweaks. Throughout, the DPO watches for any weird omissions or additions, but it appears the AI was quite thorough. By the next day, ACME Corp delivers the DSAR response: neatly organized and well within the deadline.

In this scenario, AI acted as a force-multiplier, handling the grunt work and allowing humans to focus on oversight. The outcome: faster response, lower labour cost, and a (hopefully) happy data subject. ACME’s DPO, of course, documented the process and kept logs from the AI to show how data was collected, just in case of any challenge.

Scenario 2: AI Misstep Leads to a Privacy Breach

Now, a cautionary tale. A different company, DataFine LLC, decides to use a generative AI tool to help draft DSAR responses. They feed the AI large chunks of raw data (emails, documents) and ask it to summarize or extract relevant info. It works great for a while, until one day, things go wrong.

An employee requested all performance feedback about them. The AI was supposed to compile those comments. However, the prompt given to the AI was broad, and the underlying model had some training data that included anonymized examples of feedback from other companies. In its response, the AI inadvertently mixed in some fabricated feedback statements that sounded plausible but were not actually said by anyone at DataFine. Even worse, the AI’s summary accidentally included a couple of lines from a different employee’s review (it got confused between two similar names).

Unaware of these errors, the HR team passes the summary on. The requesting employee receives what looks like a comprehensive summary of all feedback… but immediately spots odd comments that they’ve never heard before:

The employee is alarmed and lodges a complaint. DataFine scrambles to investigate. They realize the AI “hallucinated” some content and also pulled data from the wrong profile. In effect, they just breached another employee’s privacy by disclosing part of that person’s evaluation, and they provided false information to the requester.

This scenario highlights how AI can unintentionally expose private data and sow confusion. The root causes: insufficiently constrained AI outputs and lack of human verification. The generative model wasn’t tuned for high-stakes accuracy, and there were no robust filters to block it from including data beyond the target. Mitigations could have been in place – e.g. the EDPB report suggests post-processing filters to remove sensitive or inaccurate content from AI outputs, which would have helped here. Also, DataFine should have tested the AI on dummy data to see if it mixes contexts (a known risk). After this incident, DataFine likely rolled back AI usage, notified the affected parties, and involved their DPO to handle the breach under GDPR’s protocol. It was a harsh lesson that AI tools need strict guardrails and human oversight especially when dealing with personal data. A single AI misstep turned a routine DSAR into a potential compliance nightmare.

Scenario 3: Human–AI Collaboration for Safe, Efficient DSARs

Finally, consider a hybrid approach – probably the ideal near-term state for most organizations.

TechSolutions Inc. uses an AI platform to assist with DSARs, but with a “human-in-the-loop” design. When a DSAR comes in, the AI agent kicks off data collection similar to Scenario 1: it aggregates records from various systems. However, unlike ACME’s fully autonomous agent, TechSolutions’ AI is configured in a read-only mode and cannot send data outside or directly to the requester. It compiles everything on an internal dashboard.

From there, an HR privacy specialist takes over. They review the AI-collected dataset, apply context that the AI might miss (for example, noticing that some files, while retrieved, aren’t actually about the person and can be dropped). The AI suggests redactions for third-party names, but the specialist double-checks each one, ensuring no critical context is lost and no personal data of others slips through.

The AI also provides a draft cover letter to the employee, which explains the data provided. It uses a template approved by legal, just filling in details (like number of records, categories of data). The specialist reviews that letter, edits a few parts for tone and accuracy, and approves it.

Throughout, the DPO is involved at key checkpoints: they approve the initial search parameters the AI uses (to ensure minimization – only searching relevant systems), and they review the final packet before release. The AI system keeps an activity log, which systems were queried, when, and by whom (the AI acting on behalf of the DPO). This log is stored in a risk register entry for the DSAR, documenting how the response was compiled, useful for accountability.

In the end, TechSolutions meets the DSAR deadline with time to spare. The employee receives a thorough response, and importantly, the process was controlled and documented. AI did the heavy lifting of data gathering and initial analysis, but it did not operate unchecked. This hybrid scenario likely represents what regulators encourage: AI as an aid, with human professionals guiding and reviewing every step for compliance. It shows that with forethought, organizations can get efficiency gains without surrendering final control to a machine.

These scenarios underscore different outcomes when integrating AI. The goal, of course, is to gravitate towards Scenario 3 – leveraging AI’s strengths while managing its weaknesses. To that end, let’s outline some practical recommendations and mitigation strategies for HR and DPO leaders looking to safely integrate AI into DSAR workflows.

Recommendations and Mitigations

Embracing AI in DSAR handling requires a strategic and cautious approach. HR and DPO leaders should collaborate to establish guardrails that protect privacy and ensure compliance. Based on the EDPB-inspired frameworks for risk management and industry best practices, here are our recommendations:

• Conduct Thorough DPIAs and Risk Assessments: Treat any implementation of AI in DSAR processing as a potentially high-risk processing activity. Perform a Data Protection Impact Assessment (DPIA) per GDPR Article 35 before deploying the tool. Evaluate how the AI will use personal data, what could go wrong, and document measures to address those risks. The EDPB report emphasizes that this AI-specific risk assessment complements (but doesn’t replace) a DPIA. If the AI usage is novel or significantly affects individuals, err on the side of doing a DPIA even if not strictly mandated. Involve your DPO early and capture their feedback on mitigating risks.

  
  

• Minimize Data Exposure to AI: Follow the principle of data minimization when interfacing with AI. Only feed the AI the data that is necessary for the task, and pseudonymize or anonymize data where possible. For example, if using an AI to search emails, see if hashing or tokenizing identities can be done such that the AI finds relevant info without seeing actual names until results are confirmed. Avoid including highly sensitive data (e.g. racial/ethnic info, health data from sick notes) in AI processing unless absolutely needed. If the AI will be using a knowledge base, segregate and encrypt that knowledge base. An OWASP guideline for LLMs is to discourage entry of personal data and use automated detection to strip out identifiers before processing. Configure the AI platform to not store prompts or outputs beyond the session (many providers offer a setting to not log data – use it!). This reduces the risk of leakage or secondary use of the data.

  
  

• Choose Privacy-Preserving Tools and Vendors: If you’re procuring an AI solution for DSAR, vet the vendor thoroughly. Ensure they offer ideally on-premise or if that's not possible, EU-based hosting if dealing with EU personal data, to avoid unintentional data transfers. Read the fine print: will the AI provider use your data to improve their models (which could re-introduce that data into their training corpus)? Ideally, opt for tools where you can opt-out of any such usage or that explicitly guarantee isolation of your data. Some companies are even exploring bringing the model in-house (running an LLM within their secure environment) for maximal control. If using cloud APIs, implement encryption in transit and at rest – the report underscores using strong encryption and secure APIs to prevent eavesdropping or tampering Also, include contractual clauses that bind the AI provider to GDPR standards (making them a data processor who only acts on your instructions). Regularly audit the provider’s compliance and security measures as part of vendor management.

  
  

• Implement Robust Access Controls and Audit Trails: The AI system should operate on the principle of least privilege. It should only have access to systems necessary for DSAR searches. Use separate service accounts for the AI with read-only access where feasible, and keep an audit log of every action the AI takes (e.g., “searched System X for keywords Y at time Z”). These logs are essential for accountability. Maintain a risk register for your AI deployment – a living document noting identified risks, owners of those risks, and how they’re mitigated. A risk register helps teams track and prioritize issues and ensure nothing falls through the cracks. Should regulators ask, you can demonstrate you have a handle on the AI’s operations and associated risks.

  
  

• Use Input/Output Filters and Policies: As suggested in the EDPB report, deploy filters as an additional safety layer. Input filters can prevent certain sensitive data from ever reaching the core AI model (for instance, stripping Social Security Numbers or detecting if a query is asking for something suspicious). Output filters can scan the AI’s response before it’s finalized – looking for any data that shouldn’t be there (like someone else’s name or an off-topic hallucination). Some companies use a secondary AI model to review the primary model’s output (“AI guardrails”). You can also enforce that any AI-generated summary does not include direct personal data unless it was in the source – essentially banning the AI from being creative in ways that could introduce errors. At a simpler level, implement business rules: e.g., if the AI is providing a summary, that summary must be approved by a human before release (no fully automated DSAR fulfillments).

  
  

• Maintain Human Oversight (Human-in-the-Loop): Retain human judgment at critical points. This is a big one! The final review of any DSAR package should be done by a person, not just an AI. As a rule, treat AI suggestions as exactly that – suggestions. For example, if the AI says:

have a person spot-check a sample of those files or at least verify counts against expectations (maybe you knew there should be about 110 files; why did the AI miss 10?). The EDPB guidance explicitly recommends human review for critical AI outputs to ensure accuracy. Especially for any novel or high-impact responses (like summarizing performance feedback or disciplinary records), get a human to confirm every line. This not only catches potential mistakes, but also helps train the team on the AI’s quirks.

• Train and Sensitize Your Team: Introduce the AI tool and its limitations to all stakeholders. HR staff, IT, and anyone else involved in DSARs should know what the AI can and cannot do. Provide clear instructions: e.g., “Always check redactions suggested by AI,” or “Do not paste sensitive data into the AI chat interface beyond what’s pre-approved, or use AI DataFirewall™ for super safe interactions!” 

  
  

  Encourage a healthy skepticism – team members should feel empowered to question the AI’s results. Also train them on spotting AI errors: maybe some content tends to confuse the model (like code snippets, or legal jargon). If the team is aware, they can be extra vigilant in those areas. Additionally, update internal privacy policies to cover AI usage. For instance, if employees (or works councils) are concerned about AI accessing their data, be transparent about how it’s used, and perhaps allow an avenue for questions or objections.

  
  

• Plan for Errors and Escalation: Despite precautions, assume something will go wrong at some point. Develop an incident response plan specific to AI handling of personal data. If an AI-related privacy incident occurs (like in Scenario 2), how will you detect it, and what steps will you take? Set thresholds for when to escalate to the DPO or even supervisory authority. For example, if the AI outputs any piece of data that wasn’t requested or relevant, log it and have the DPO review whether it constitutes a reportable breach. Having a playbook ready will save precious time. The risk management framework from the EDPB report encourages continuous monitoring and review of risk controls – treat an incident as a chance to update your risk assessment and implement better safeguards.

  
  

• Continuous Monitoring and Tuning: Don’t “set and forget” your AI process. Regularly evaluate its performance. Track metrics like: How often did humans need to correct the AI? Did it ever miss data that was later found manually? Are DSAR completion times improving without a spike in errors? Engage in periodic red-teaming of the AI – e.g., have your privacy team intentionally test it with tricky requests or attempt prompt injections to see if it can be manipulated. The AI lifecycle approach is iterative: you identify risks, treat them, then check for residual risk and new risks on an ongoing basis. Keep the risk register updated with any new findings. Also, stay tuned to updates from the AI vendor – if a new version fixes a bug or offers an improved privacy mode, adopt it after due testing.

  
  

By following these practices, HR and DPO leaders can create a resilient DSAR process that gains efficiency from AI while keeping privacy front and center. A helpful mindset is to approach AI integration as you would any significant process change: carefully, with documentation, testing, and iteration. Use frameworks like the one in the EDPB-supported report to ensure you’re covering all bases – from risk identification to residual risk evaluation and ongoing monitoring.

Remember that compliance is not just about avoiding fines; it’s about maintaining employees’ trust. If your workforce sees that you handle their data requests quickly and carefully (even with AI in play), it reinforces a culture of respect for privacy.

Conclusion

The age of intelligent automation is upon us, and HR and DPOs find themselves at the intersection of technology, privacy, and trust. Agentic AI and advanced LLMs offer an exciting vision for the future of DSAR handling, one where much of the drudgery is automated, responses are faster, and teams can focus on higher-level tasks. However, these benefits come with the responsibility to manage new risks. As we’ve explored, an AI that can autonomously gather and summarize personal data can just as easily misstep and cause a breach if not properly governed.

The role of HR and DPOs will inevitably evolve in this context. Rather than manually executing every step of DSAR fulfillment, they will increasingly design, supervise, and audit AI-driven processes. In essence, the HR/DPO team becomes the conductor of an AI orchestra – setting the score (policies), ensuring each instrument plays correctly (monitoring AI actions), and intervening if there’s a false note (correcting errors). The responsibility to uphold data privacy cannot be delegated entirely to machines; it remains a human accountability to make sure that the tools serve the intended purpose without infringing on individual rights.

To succeed, organizations should invest proactively in privacy-preserving AI design. That means not only buying the latest AI tool, but also building the internal knowledge to configure it safely, and perhaps investing in custom solutions that give more control. Concepts like federated learning, on-device processing, data pseudonymization, differential privacy, and other privacy-enhancing technologies might become mainstream in DSAR solutions. For example, future AI agents could be designed to work offline on local encrypted data, ensuring nothing ever leaks externally. Such investments might seem costly, but they pay dividends in preventing breaches and demonstrating compliance. Regulators are increasingly savvy about AI; showing that your company adopted “privacy by design and by default” in its AI deployments (as GDPR Art. 25 requires) will be crucial in an audit or investigation scenario.

Finally, collaboration and knowledge-sharing will be key. HR and DPOs should work together (with IT, security, and legal teams) to navigate this new terrain. It’s a great opportunity for HR to step into a more tech-forward role and for DPOs to deeply engage with operational processes. Both roles will champion the message that employee data is something to be respected and protected, whether handled by a person or an algorithm. By championing ethical AI use and robust risk management, they can ensure that the introduction of agentic AI into DSAR workflows is a story of enhancement, not harm.

The future of DSAR handling is likely a blend of AI-driven efficiency and human-driven integrity. Organizations that strike this balance will not only meet regulatory requirements but could also set a benchmark for trust in the workplace. As employees see faster responses and still feel their data is in safe hands, it builds confidence. For HR and DPO professionals, navigating these changes is challenging but also empowering – it puts them at the forefront of shaping how AI can coexist with privacy. By being proactive, staying educated on AI risks and mitigations, and keeping the ethical compass aligned, HR and DPO leaders can turn the rise of agentic AI into a win-win: better outcomes for data subjects and more manageable processes for organizations. The tools may be new, but the mission remains the same – honoring individuals’ rights and fostering a culture of privacy, now aided by the smartest assistants we’ve ever had.

If your organization is keen to explore how to go about setting up a safe AI enabled environment that puts privacy first, why not get in touch? We offer a bespoke consultancy helping SME's and Enterprise firms' handle data safely whilst not compromising on the power and business benefits of agentic AI. You can reach us here robert@contextul.io

About Contextul

Contextul is a London-based technology firm specializing in AI-driven solutions for data privacy and compliance. Its flagship product, PrivacyManager™, leverages advanced pattern matching and machine learning to automate the identification, extraction, and redaction of personal information across diverse document types and languages. This enables organizations to efficiently process Data Subject Access Requests (DSARs), reducing manual effort and enhancing compliance with global regulations such as GDPR, LGPD, and CPRA.

PrivacyManager™ supports over 30 billion name combinations, operates across 30 legal jurisdictions, and is capable of processing requests in 25 languages. The platform boasts a processing time of under two days, significantly outperforming traditional manual methods. Additionally, Contextul offers DSAR as a Service (DSARaaS), providing tailored support for organizations lacking internal resources to manage DSARs. This service encompasses the entire DSAR process, from validation and data retrieval to redaction and compliance documentation.

By integrating machine learning into DSAR workflows, Contextul not only improves efficiency and accuracy but also ensures scalability and adaptability in an evolving regulatory landscape. This positions Contextul as a strategic partner for businesses seeking to streamline their data privacy operations and maintain robust compliance standards.

Sources:

1. Barberá, I. AI Privacy Risks & Mitigations – Large Language Models (LLMs), EDPB Support Pool of Experts Report (March 2025 ).

2. Easton, R. “A Rise in DSARs: Why Can Data Subject Access Requests Be Such a Burden?” NatLawReview (Sept 2023) natlawreview.comnatlawreview.com.

3. diVittorio, A. “2024 Data Privacy Trends Report: The Time Data Subject Requests Surged 246% in Two Years.” DataGrail Blog (Apr 2024) datagrail.io.

4. Termly DSAR Statistics & Trends 2025 – DSAR volumes and types under GDPR/CCPA termly.iotermly.io.

5. Deloitte Insights – Autonomous Generative AI Agents Prediction 2025 file-swkhvcneg6cwwzbpcttqsq.

6. OWASP Foundation. “OWASP Top 10 for Large Language Model Applications” (2023)