Privacy teams spent 2025 absorbing record DSR volume, mapping undisclosed AI risk in their vendor stack, and contending with the highest regulatory and enforcement stakes on record to date.
DataGrail's 2026 Privacy and AI Trends Report draws on direct operations data across hundreds of organizations to reveal what's actually driving these trends:
- The shadow AI exposure hiding in most programs: In DataGrail's review of 2,400 leading business systems, 63.6% of AI vendors don't disclose their subprocessors in legal documentation. Legal review alone is no longer sufficient.
- DSR automation is no longer optional: Deletion requests have surged 567% since 2021, with data brokers absorbing a 398% jump in 2025 alone. At this volume, manual DSAR processing isn't a strategy.
- Consent is still the most commonly failed audit check: DataGrail's audit of 5,000 popular websites found that 63% fail to comply with universal opt-out mechanisms. It's the easiest compliance win, and the most commonly missed.
- Benchmarks to put your program in context: Compare your DSR volume against industry peers, see whether your opt-out rate is in line with the average, and and explore how assessment volume varies across industries as California's new requirements take hold.