13/02/2026 News
  • 60% not yet using Gen AI in DSAR or data review processes, despite 57% identifying time as the biggest challenge to review large volumes of data

  • Nearly 70% cite “regulator guidance” or “clear human oversight and legal sign-off” as the measures that would make them most comfortable with the use of Gen AI in data review processes

A survey conducted at the recent Data and Digital Leadership Forum, our annual event which explores the latest developments in AI, cyber-resilience and governance, provides fresh insight into how organisations are approaching the use of Generative AI (Gen AI) in Data Subject Access Request (DSAR) and data review processes, and where the key challenges and barriers remain.

A Data Subject Access Request is a legal request made by an individual under data protection law, including the GDPR, seeking access to the personal data an organisation holds about them. DSARs often involve large, unstructured and complex datasets, making them operationally demanding, time‑sensitive, and costly to manage.

The survey results reveal a market that is exploring the use of Gen AI in DSARs and data review processes, but doing so cautiously, with a strong focus on governance, trust, and regulatory defensibility.

Market readiness: How organisations are using Gen AI today

Participants were asked: How is your organisation currently using Gen AI in DSAR or data review processes?

  • Actively using Gen AI today: 19%
  • Piloting or testing: 11%
  • Discussing but haven’t started: 19%
  • Not using Gen AI at all: 41%
  • Not sure / depends on business unit: 11%

The results point to a market that is at an early stage but cautiously starting to mobilise in terms of the use of Gen AI. Only 19% of organisations are actively using Gen AI today for DSARs, with 11% piloting or testing. 41% are not yet using Gen AI at all, indicating a large cohort that could benefit from the efficiencies the technology could bring. The survey results show that some organisations are moving out of the theoretical phase and into practical consideration and experimentation.

At the same time, the proportion of organisations not yet using Gen AI for DSARs highlights a degree of caution, particularly in regulated environments where DSAR outcomes must be accurate, consistent and defensible.

Colin Rooney, Head of our Technology and Innovation Group, commented: “What we’re seeing is not resistance to Gen AI, but measured engagement. Organisations understand the potential efficiency gains, particularly for first‑pass DSAR review, but they are rightly focused on ensuring that any deployment is legally robust, well governed, and capable of standing up to scrutiny.”

DSAR challenges

The second question explored the operational pressures facing teams dealing with DSARs: “What is the biggest challenge in delivering DSARs today?”

  • Time required to review large volumes of data: 57%
  • Identifying personal data early and accurately: 18%
  • Consistency and quality of decisions: 14%
  • Defensibility if challenged by a regulator: 11%

The findings underline why Gen AI is attracting such strong interest. Volume and time pressure remain the dominant challenges, with over half of respondents citing the sheer scale of data review as their biggest obstacle. Challenges around accuracy, consistency, and defensibility further reinforce the need for tools that can support human reviewers, without replacing legal judgement.

Michael Egan, Director, Legal Tech and Group Operations, said: “These results align closely with what we see in practice. Teams that deal with DSARs are under real pressure from growing data volumes and tighter timelines. Gen AI can play a valuable role in first‑pass review, helping to surface potential personal data earlier, improve consistency, and allow legal teams to focus their expertise where it matters most.”

Trust and governance: What organisations need to adopt Gen AI

The final survey question focused on what would give organisations the confidence to adopt Gen AI for first‑pass DSAR review: “What would make you most comfortable using Gen AI for first‑pass DSAR review?”

  • Regulator comfort or guidance: 36%
  • Clear human oversight and legal sign‑off: 32%
  • Transparent audit trail and defensibility: 25%
  • Ability to control what data is processed: 7%

These results show that trust, governance and defensibility, and not just speed alone, will drive adoption. Regulatory comfort ranked highest, closely followed by the need for human oversight and legally defensible audit trails. This reflects the reality that DSAR decisions must be explainable, accountable, and capable of withstanding regulatory scrutiny.

Colin Rooney added: “Organisations are telling us that Gen AI must be implemented in a way that enhances, not undermines trust. Human oversight, transparency, and defensibility are non‑negotiable. The technology will only scale where it is embedded within strong governance frameworks.”

The survey results highlight both the significant opportunity and the practical considerations organisations face when adopting Gen AI for DSARs, and other data review processes. While the technology offers clear potential to reduce operational burden and improve efficiency, its success will depend on careful implementation and strong governance.

For more information the use of Gen AI for DSARs and data review processes, please contact Michael Egan or your usual Arthur Cox contact.

Pictured at the Data and Digital Leadership Forum (l-r): Michael Egan (Director, Legal Tech Services), Aoife Mac Ardle (Of Counsel, Technology and Innovation), Colin Rooney (Head of Technology and Innovation), Malcolm Byrne T.D (Chair of the Oireachtas AI Committee), Olivia Mullooly (Partner, Technology and Innovation) and Ian Duffy (Partner, Technology and Innovation).