DSAR automation at scale — handling Art. 15 requests across fragmented systems
Jurisdiction: EU, DE

We're running a mid-scale SaaS (50k+ users) with data scattered across Postgres, Redis, Elasticsearch, S3, and a third-party CRM. DSAR requests under GDPR Art. 15 are taking 3-4 weeks of manual engineering time to fulfill — well within the legal deadline but operationally painful.

We've built a data discovery layer that maps user identifiers across systems, but the hard part is the narrative: producing a human-readable summary of what data we hold, not just a JSON dump. The DPA guidance is clear that the response must be intelligible to the data subject.

How are other teams handling this? Are you using LLMs to generate the narrative summary (and if so, how do you audit for accuracy)? Or keeping it strictly template-based with human review? What's your threshold for "too much data" to include — do you summarize or attach raw exports?

Confidentiality acknowledged — this is peer experience exchange, not legal advice seeking.