
You can charge reasonable administrative fees or refuse to act if the request is "manifestly unfounded or excessive, in particular because of their repetitive character". [1]

[1] https://gdpr-info.eu/art-12-gdpr/




Is a single request like this from a single individual excessive or repetitive, though?


I think GDPR intends to protect businesses from "denial of service attacks" through sending many repetitive or bogus requests. A single, legitimate request is definitely not excessive.


So if you get 100,000 individual requests, is that going to be excessive? There are people organising already to send such requests to various sites.


Unless your PII workflow is bonkers, you should be able to respond to those letters in a mostly automated fashion.

I mean, you do handle your data in a mostly universal way, instead of randomly copying pieces of your database to random parties? Right?


How do you automate checking that the person requesting the data is the person they claim to be? How do you automate reading an email and giving a meaningful response?


I admit I'm not sure how the verification part is supposed to look. For the rest, I assume that if you have a standardized data flow (and don't randomly resell people to different parties), you could automate the part that writes responses, and only have humans read the original mail and check appropriate checkboxes to generate a standardized reply covering all the relevant points.
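The last few comments sketch what an automatable access-request pipeline would need: a verification step, a "standardized data flow" that knows where every record about a subject lives, and a way to recognise repetitive requests under Art. 12(5). The following is an added example written for this page, not code from any commenter or from any real DSAR product. It assumes an in-memory sample database (constructed here), a per-table map naming the column that ties rows to a subject, an e-mail ownership challenge (an HMAC token mailed to the address on file) as the verification method, and a purely illustrative repetition threshold; the threshold numbers and the `SERVER_SECRET`, `CHALLENGE_TTL` and `SUBJECT_COLUMN` names are assumptions for the example, not anything the regulation prescribes.

```python
"""Minimal automatable GDPR access-request (Art. 15) handler.

Added example for this thread, not code from the thread or any product.
Assumptions: a per-table map of the column linking records to a subject,
e-mail ownership as the identity check, and an illustrative repetition
threshold for Art. 12(5). None of these are legal requirements.
"""
import hashlib
import hmac
import secrets
import time

# --- Constructed sample data standing in for the production database ---
TABLES = {
    "users": [
        {"user_id": 7, "email": "alice@example.com", "name": "Alice"},
        {"user_id": 9, "email": "bob@example.com", "name": "Bob"},
    ],
    "orders": [
        {"order_id": 100, "user_id": 7, "item": "book", "total": 12.5},
        {"order_id": 101, "user_id": 9, "item": "lamp", "total": 30.0},
        {"order_id": 102, "user_id": 7, "item": "pen", "total": 2.0},
    ],
    "support_tickets": [
        {"ticket_id": 1, "user_id": 7, "subject": "Login issue"},
    ],
}

# The "standardized data flow": every table holding personal data and the
# column that ties a row to the subject. A table missing from this map is
# exactly the kind of gap a human reviewer would otherwise have to catch.
SUBJECT_COLUMN = {"users": "user_id", "orders": "user_id", "support_tickets": "user_id"}

SERVER_SECRET = secrets.token_bytes(32)  # per-deployment HMAC key (assumption)
CHALLENGE_TTL = 24 * 3600                # seconds a challenge token stays valid


def issue_challenge(email, now=None):
    """Create a token to send to the e-mail address on file.

    Verification here is ownership of the registered address: only someone
    who can read that mailbox can return the token. Single use would need
    server-side state (a set of consumed nonces), omitted here.
    """
    now = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    expiry = now + CHALLENGE_TTL
    msg = f"{email}|{nonce}|{expiry}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{nonce}.{expiry}.{mac}"


def verify_challenge(email, token, now=None):
    """Return True if the token was issued for this e-mail and is unexpired."""
    now = int(now if now is not None else time.time())
    try:
        nonce, expiry, mac = token.split(".")
        expiry = int(expiry)
    except ValueError:
        return False
    if now > expiry:
        return False
    msg = f"{email}|{nonce}|{expiry}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def lookup_subject(email):
    """Map a verified e-mail address to the internal subject id, if any."""
    for row in TABLES["users"]:
        if row["email"].lower() == email.lower():
            return row["user_id"]
    return None


def collect_subject_data(user_id):
    """Gather every record tied to the subject, table by table."""
    return {
        table: [row for row in TABLES[table] if row.get(col) == user_id]
        for table, col in SUBJECT_COLUMN.items()
    }


def is_excessive(history, user_id, now, window=30 * 24 * 3600, limit=2):
    """Illustrative Art. 12(5) check: `limit` or more fulfilled requests from
    the same subject within `window` seconds. The numbers are an assumption
    for this example, not a legal threshold."""
    recent = [t for (uid, t) in history if uid == user_id and now - t < window]
    return len(recent) >= limit


def handle_access_request(email, token, history, now=None):
    """Full automated path: verify, repetition check, export, log."""
    now = int(now if now is not None else time.time())
    if not verify_challenge(email, token, now):
        return {"status": "verification_failed"}
    user_id = lookup_subject(email)
    if user_id is None:
        # Still answer: the subject is entitled to learn that no data is held.
        return {"status": "no_data", "data": {}}
    if is_excessive(history, user_id, now):
        return {"status": "excessive", "user_id": user_id}
    history.append((user_id, now))
    return {"status": "ok", "user_id": user_id, "data": collect_subject_data(user_id)}
```

The only step that still needs a human in this flow is deciding whether a request flagged as repetitive should be refused or charged for, which is the judgement call Art. 12(5) leaves to the controller; everything else, including the "no data held" answer, is produced from the data map alone.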



