Control measure: Performance and compliance in handling requests are monitored. Performance and compliance information is used to improve processes.
Risk: If not monitored, performance and compliance can’t be improved. This may breach UK GDPR article 5(2).
Ways to meet our expectations:
- Measure performance by looking at the number of requests you’ve received and the percentage you’ve completed within statutory timescales.
- Report performance to senior managers regularly for oversight.
- Regularly discuss and act on metrics or key performance indicators for requests at relevant steering groups.
- Track issues, trends, and reasons for delays in handling requests, and report insight to senior managers regularly for oversight.
- Analyse complaints or appeals about requests, and use lessons learned to improve processes and review policies.
- Monitor the number of complaints to the ICO about how you’ve handled requests.
- Keep records to show clear and sustainable improvement in your request handling processes.
Options to consider:
- Add oversight of requests as a standing agenda item on relevant team and senior management meetings.
- Track the number or percentage of requests with redactions or exemptions when a person raises a query or complaint.
- Send a feedback or satisfaction survey with responses to requests to help identify issues or trends.
- Record minutes of meetings where you discuss request performance.