Monitoring and improving performance
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Control measure: Performance and compliance in handling requests is monitored. Performance and compliance information is used to improve processes.
Risk: If not monitored, performance and compliance can’t be improved. This may breach UK GDPR article 5(2).
Ways to meet our expectations:
- Measure performance by looking at the number of requests you’ve received and the percentage you’ve completed within statutory timescales.
- Report performance to senior managers regularly for oversight.
- Regularly discuss and act on metrics or key performance indicators for requests at relevant steering groups.
- Track issues, trends, and reasons for delays in handling requests, and report insight to senior managers regularly for oversight.
- Analyse complaints or appeals about requests, and use lessons learned to improve processes and review policies.
- Monitor the number of complaints to the ICO about how you’ve handled requests.
- Keep records to show clear and sustainable improvement in your request handling processes.
Options to consider:
- Add oversight of requests as a standing agenda item on relevant team and senior management meetings.
- Track the number or percentage of requests with redactions or exemptions when a person raises a query or complaint.
- Send a feedback or satisfaction survey with responses to requests to help identify issues or trends.
- Record minutes of meetings where you discuss request performance.