University Hospital of Southampton NHS Foundation Trust (the Trust) reprimanded for failure to respond to data subject access requests (DSARS)

The ICO issued a reprimand to the Trust after it failed to respond to over 40% of DSARS within the statutory time limit during a period of 11 months from 1 August 2022. The Trust also continues to maintain a backlog of cases (621 as of 30 January 2024) which does not appear to be improving.

There were a number of poor practices/compliance failings. Staff dealt with requests in alphabetical order, they failed to keep data subjects updated other than an initial acknowledgment, the Trust was applying extensions to all requests rather than merely complex ones and they failed to make individuals aware of the extensions.

The ICO made several recommendations to assist in improving the processing of DSARs, including ensuring staff are adequately trained in the process, reviewing policies in general, but especially in relation to access to records, the need to consider improvements to the DSAR handling process and the need to monitor DSAR compliance.

The full reprimand can be found here.

If you deal with a significant number of DSARs and would like some advice on how you could improve your procedures and ensure you don’t build up a backlog, please get in touch here.



Don't just take our word for it