DSARs in Local Authorities: Rising Demand, Shrinking Capacity, and the Reality for Unitaries

Data Subject Access Requests (DSARs) have been steadily increasing across the public sector for several years. But in local government, and particularly within unitary authorities, that increase is no longer gradual – it’s sharp, sustained, and operationally disruptive.

At the same time, the way DSARs are handled is changing. New tools are being adopted rapidly. Organisational structures are shifting. And many information governance teams are being asked to do more with less, against a backdrop of wider local government reform.

This combination is putting DSAR handling under real strain.

The DSAR trend: more requests, more complexity

It’s no secret that DSAR volumes are rising. Public awareness of data protection rights is higher than ever, and individuals are increasingly confident in exercising those rights. What’s changed is the nature of the requests.

Local authorities are now seeing:

• Higher overall DSAR volumes
• A greater proportion of complex, narrative-based requests
• Increasing numbers of staff DSARs, often linked to grievances, disciplinary processes or employment disputes
• Overlapping DSARs, complaints, FOI requests and litigation disclosure

For many councils, particularly unitaries, receiving hundreds of DSARs per month is no longer unusual. Each request demands careful triage, contextual understanding, accurate searches across multiple systems, and defensible redaction decisions. This is not transactional work – it’s skilled, time‑intensive, and high‑risk.

Why unitary authorities feel the pressure most

The move towards unitary authorities has delivered efficiency and strategic alignment in many areas. But from a data protection and DSAR perspective, it introduces unique challenges.

When councils transition to unitary status, they often inherit:

• Multiple legacy systems from predecessor authorities
• Inconsistent records management practices
• Different cultural approaches to data sharing and retention
• Fragmented ownership of information
• Large combined workforces and service portfolios

At the same time, unitary authorities typically cover health, social care, children’s services, housing, education and regulatory functions in one organisation. These are precisely the services most likely to generate DSARs – and the most sensitive data to disclose.

Adult and children’s social care DSARs in particular are resource‑heavy. Files are large, records are often semi‑structured, and third‑party data is deeply embedded. A single request can involve years of casework, multiple practitioners, and dozens of systems.

Capacity is the real constraint

In most local authorities, the problem isn’t a lack of commitment to compliance. It’s capacity.

Information governance teams are usually small, often under‑resourced, and expected to cover a broad remit: DSARs, DPIAs, data sharing agreements, RoPA, breach management, training, and advisory support. When DSAR volumes spike, everything else slows or stops.

The risk is familiar:

• Backlogs build quickly
• Statutory deadlines become harder to meet
• Stress and burnout increase across small teams
• Quality drops as teams rush disclosure decisions
• Organisational exposure grows

This is particularly acute in unitaries that are still consolidating systems and processes post‑reorganisation. Without stable records management and clear information ownership, DSAR handling becomes reactive firefighting.

Tool adoption: necessary, but not a silver bullet

In response, many local authorities are turning to new tools. Automated redaction, e‑discovery platforms, and specialist SAR case‑management systems are all being explored – and rightly so.

The adoption of these tools is happening rapidly. In many cases, it has become unavoidable.

However, technology alone does not solve the DSAR problem.

Tools are only effective when:

• Records are well structured and consistently stored
• Retention and deletion are under control
• Staff understand how and where information is held
• Clear processes exist for triage, review and sign‑off

Without this foundation, tools risk becoming expensive workarounds rather than sustainable solutions. We still see authorities relying on manual processes, generic redaction software, and improvised workflows simply because the underlying information landscape isn’t ready.

DSARs don’t exist in isolation

One of the biggest challenges for local authorities is that DSARs rarely arrive alone.

A single individual may be simultaneously:

• Submitting a DSAR
• Raising a complaint
• Engaging the ombudsman
• Prompting internal investigations
• Triggering legal disclosure obligations

When these processes aren’t aligned, the same data is repeatedly searched, reviewed and redacted by different teams, creating duplication, inconsistency and risk.

This is where unitaries feel the pressure most strongly: larger organisations, bigger service portfolios, and more internal hand‑offs.

What “good” looks like in practice

Local authorities that are coping best with rising DSAR volumes tend to share some common traits:

• A clear, well‑understood DSAR triage process
• Defined ownership and escalation routes
• Strong links between IG, legal, HR and complaints teams
• Investment in tools aligned to the authority’s actual data maturity
• The ability to scale support during peaks, rather than relying on heroics

Crucially, they accept that DSARs are not just a compliance issue – they are an operational reality that needs sustainable resourcing.

The road ahead

DSAR volumes are unlikely to fall. Tool adoption will continue. Local government structures will keep evolving.

For unitary authorities especially, the challenge is not simply responding to today’s requests but building a DSAR capability that can cope with tomorrow’s demand without burning out teams or increasing risk exposure.

That means moving away from reactive handling and towards:

• Smarter use of technology
• Clear, repeatable processes
• Better records management
• Flexible access to experienced support when needed

Because DSARs are no longer an occasional interruption to business as usual. For local authorities and unitaries, they are business as usual.

How GRC Hub supports local authorities

GRC Hub provides practical DSAR support for local authorities and unitary councils, designed to work alongside existing in‑house teams.

Our DSAR service includes:

• End‑to‑end DSAR handling
• Surge capacity during peaks
• Support for complex and sensitive requests (including staff and social care DSARs)
• Redaction and quality assurance
• Flexible, as‑needed support models

We help councils maintain compliance without overwhelming internal teams.

👉 Find out more about our DSAR support