28 Jun

Police fail to handle public data requests

The Metropolitan Police Service has failed to respond to Subject Access Requests (SARs) for personal data quickly enough, the ICO has revealed.

The Information Commissioner’s Office has issued two enforcement notices to the Met Police after the regulator learned that a backlog of over 1,700 requests for copies of data from UK citizens had been left unanswered.

Anyone in the UK now has the legal right to find out what information is held about them by organisations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018).

This includes the police force and other law enforcement agencies, though police forces can limit the amount of information provided if, for example, it would prejudice an investigation or legal inquiry.

You are now within your rights to ask the police for a copy, free of charge, and to receive it within one calendar month.

GDPR

Under the GDPR, SARs are a legal right and allow individuals to request access to their data and receive it within one month. However, it has emerged that as many as 1,169 requests to the police service are now beyond the statutory response deadline.

A further 689 requests are said to be more than three months old.

The UK data watchdog has criticised the backlog as a “cause for concern” and “evidence of a systemic failure to respond to subject access requests”.

It added that the Met Police has ultimately “failed in its data protection obligations”.

The ICO has now ordered the force to respond to all SARs and clear its backlog by September 2019; otherwise, it could face further sanctions, including a GDPR-scale financial penalty of €20 million.

The ICO has also told the Met Police to make changes to its internal systems and policies to ensure that data subjects are kept up to date on any delays to their SAR. They have also been told to provide information on how the backlog is being addressed.

Compliance

The data watchdog said that the implementation of GDPR has resulted in an “unprecedented rise in demand” by the public for access to data, placing strain on public services and organisations to respond in a timely manner.

However, because of the “fluctuating backlog” of requests, and because several meetings and correspondence with the Met Police ultimately proved to be “ineffective”, the ICO has decided that enforcement action is required to “encourage compliance”.

Recent data showed that most organisations had experienced a rise in SARs, the majority of which were from their own employees.

The ICO says that failure to respond to a SAR is considered a serious matter, because it not only prevents a data subject from understanding how their data is being processed by an organisation, but also stops them from exercising additional rights based on that information.

The ICO has now encouraged all organisations to review their processes for handling SARs, and ensure they are able to respond within the statutory time limit.

In a recent blog, Suzanne Gordon, Director of Data Protection Complaints and Compliance for the ICO said: “[I]n a recent report to us the MPS indicated it had more than 1,100 open requests – with nearly 680 over three months old, this is a cause for concern,”

“In short, the MPS has failed in its data protection obligations by not responding to SARs [subject access requests] within a calendar month.”

The ICO has handed out two enforcement notices ordering the MPS to respond to all requests by September 2019.

Recovery plan

The MPS has since told the ICO that they have a recovery plan in place, with senior officers committed to addressing the backlog over the next four months.

“Ultimately, the public must be able to trust that police forces are upholding their information rights, and this case is a reminder to other police forces that we will take action against those organisations that do not comply with their SAR obligations,” Gordon continued.

 
