Data Protection Officer & Data Subject Requests

The request was partially successful.

Dear Avon and Somerset Constabulary,

Please can you provide the answers and statistics for the following questions in relation to Data Subject Access Requests made to the organisation for each calendar year between the 1st January 2018 to 25th August 2020 inclusive

1. How many Data Subject Access Request have been made to the force broken down by;
a. Requests made by the Data Subject themselves
b. Request made by a third-party on behalf of the Data Subject

2. How many requests were rejected and the broad reasons for those rejections

3. How many requests were responded to in full or in part, and for each of these;
o Whether the response was within one, two, three or longer calendar months after the valid request was received;
and where responded to outside of one calendar month;
• Whether the requestor was notified within the first calendar month of the delay to the response
• The broad categories for the delay in responding within the first calendar month

4. How many requests excluded the provision of personal data held which was later used or otherwise disclosed to the Data Subject (or a representative) for another reason, for example in evidence.

In addition to the above, please could you provide details of;
• The Name, Job Title, and Rank and Badge Number (if applicable) of the individual holding the role of Data Protection Officer for the organisation;
• If that individual has any other duties, what (in general) those duties are.
• What “professional qualities and, in particular, expert knowledge of data protection law and practices” (if any) are held by that individual in accordance with Article 35(5) of the GDPR
• If DPO the role holder is a Shared Resource, which other organisations are served by that DPO.
• How many people you have working within your Data Protection Compliance team.

Yours faithfully,

Mike Kilby

#Freedom of Information Requests, Avon and Somerset Constabulary

Thank you for your request for information. Your request will now be considered and you will receive a response within the statutory timescale of 20 working days as defined by the Act. In some circumstances Avon and Somerset Constabulary may be unable to achieve this deadline if consideration needs to be given to the public interest test. If this is likely you will be informed and given a revised time-scale at the earliest opportunity.

show quoted sections

#Freedom of Information Requests, Avon and Somerset Constabulary

2 Attachments

Mike Kilby Our 872/20
Reference
[FOI #687813 email] Date 23
September
  2020

 

Dear Mike Kilby,

 

I write in connection with your request for information dated 26^th August
2020 under the Freedom of Information Act.

 

Specifically you asked:

 

Please can you provide the answers and statistics for the following
questions in relation to Data Subject Access Requests made to the
organisation for each calendar year between the 1st January 2018 to 25th
August 2020 inclusive

 

 1. How many Data Subject Access Request have been made to the force
broken down by;

 

a.            Requests made by the Data Subject themselves

b.            Request made by a third-party on behalf of the Data Subject

 

 2. How many requests were rejected and the broad reasons for those
rejections

 

 3. How many requests were responded to in full or in part, and for each
of these;

a)    Whether the response was within one, two, three or longer calendar
months after the valid request was received;

b)    and where responded to outside of one calendar month; Whether the
requestor was notified within the first calendar month of the delay to the
response

c)    The broad categories for the delay in responding within the first
calendar month

 

 4. How many requests excluded the provision of personal data held which
was later used or otherwise disclosed to the Data Subject (or a
representative) for another reason, for example in evidence. 

 

5.    In addition to the above, please could you provide details of;

•      The Name, Job Title, and Rank and Badge Number (if applicable) of
the individual holding the role of Data Protection Officer for the
organisation;

•      If that individual has any other duties, what (in general) those
duties are.

•      What “professional qualities and, in particular, expert knowledge
of data protection law and practices” (if any) are held by that individual
in accordance with Article 35(5) of the GDPR

•      If DPO the role holder is a Shared Resource, which other
organisations are served by that DPO.

 

 6. How many people you have working within your Data Protection
Compliance team

 

Our response:

 

Your request has been considered and I regret to advise you that your
request is refused because we estimate that the cost of retrieving the
requested information would exceed the cost limits under the Act which is
currently set at £450 or 18 staff hours work.  This letter represents a
Refusal Notice under the Act.

 

This is because the information requested for questions one, two and three
is not centrally recorded and would involve an extensive search of our
files to find and collate it. With approximately 2,500 SARs received
within the timeframe requested each requested would need to be manually
reviewed for us to establish an accurate figure. At five minutes per
request it is estimated it would take considerably longer than 18 hours to
comply.

 

If you would like to refine your request in order to bring it down to a
more manageable level, we may be able to supply you with some of the
information you require. This can be done by seeking the overall amount of
requests received during the timeframe requested and by omitting questions
2 and 3c. 

 

Yours sincerely

 

Adam Northcott

Disclosure Officer

 

Freedom of Information

Legal Services|  Avon and Somerset Police

Police and Fire HQ,

Valley Road,

Portishead,

North Somerset,

BS20 8QJ

Email  [1][email address]

 

[2]www.avonandsomerset.police.uk  |  Follow us on [3]Twitter and
[4]Facebook

 

[5]ASP-Email-Signature-258px-Nov2018

 

Please note:

1.                    Requests and responses may be published on Avon and
Somerset Constabulary’s website (within 24 hours), some of which may

contain a link to additional information, which may provide you with
further clarification.

2.                    Whilst we may verbally discuss your request with you
in order to seek clarification, all other communication should be made in

writing.

3.                    Avon and Somerset Constabulary provides you with the
right to request a re-examination of your case under its review

procedure (copy attached).

 

 

 

show quoted sections

Dear Mr Northcott,

I shall refine my request to those elements which you should hold in an easily obtainable form in order to be compliant with the GDPR and DPA2018.

For each calendar year within the period 1st January 2018 to 25th August 2020 inclusive, please provide;

1. How many Data Subject Access Request have been made to the force in each year;
2. How many requests were rejected in each year
3. How many requests were responded to within one calendar month in each year
5. How many requests were responded to between one to two calendar months from receipt in each year
6. How many requests were responded to between two to three calendar months from receipt in each year
7. How many requests were responded to after three calendar months from receipt in each year
8. Please could you provide details of;
• The Name, Job Title, and Rank and Badge Number (if applicable) of
the individual holding the role of Data Protection Officer for the
organisation;
• If that individual has any other duties, what (in general) those
duties are.
• What “professional qualities and, in particular, expert knowledge
of data protection law and practices” (if any) are held by that individual
in accordance with Article 35(5) of the GDPR
• If DPO the role holder is a Shared Resource, which other
organisations are served by that DPO.

9. How many people you have working within your Data Protection
Compliance team

If any of this request would exceed the time or cost constraints, please provide what you can within those time or cost constraints.

Yours sincerely,

Mike Kilby

#Freedom of Information Requests, Avon and Somerset Constabulary

Thank you for your request for information. Your request will now be considered and you will receive a response within the statutory timescale of 20 working days as defined by the Act. In some circumstances Avon and Somerset Constabulary may be unable to achieve this deadline if consideration needs to be given to the public interest test. If this is likely you will be informed and given a revised time-scale at the earliest opportunity.

show quoted sections

#Freedom of Information Requests, Avon and Somerset Constabulary

2 Attachments

Legal Services Directorate

Force Headquarters,

PO Box 37, Valley Road,

Portishead,

Bristol,

BS20 8QJ

Email [email address]    

 

 

 

 

Mike Kilby Our 952/20
Reference
[FOI #687813 email] Date 16
October
2020

 

Dear M Kilby,

 

Re: Request for information dated 23^rd September 2020 under the Freedom
of Information Act.

 

I write in connection with your above request where you asked as follows:-

 

For each calendar year within the period 1st January 2018 to 25th August
2020 inclusive, please provide;

 

1.            How many Data Subject Access Request have been made to the
force in each year;

 

2.            How many requests were rejected in each year

 

3.            How many requests were responded to within one calendar
month in each year

 

4.            How many requests were responded to between one to two
calendar months from receipt in each year

 

5.            How many requests were responded to between two to three
calendar months from receipt in each year

 

6.            How many requests were responded to after three calendar
months from receipt in each year

 

7.            Please could you provide details of;

 

a)            The Name, Job Title, and Rank and Badge Number (if
applicable) of the individual holding the role of Data Protection Officer
for the organisation;

 

b)            If that individual has any other duties, what (in general)
those duties are.

 

c)            What “professional qualities and, in particular, expert
knowledge of data protection law and practices” (if any) are held by that
individual in accordance with Article 35(5) of the GDPR

 

d)            If DPO the role holder is a Shared Resource, which other
organisations are served by that DPO.

 

8.            How many people you have working within your Data Protection
Compliance team

 

Our response:

 

The Data protection team received the following number of requests from
January 1^St 2018 up to 25^th August 2020.

 

+------------------------------------------------------------------------------+
| 2018 | 2019 | 2020 |
|--------------------------+-------------------------+-------------------------|
| 710 | 1068 | 642 |
+------------------------------------------------------------------------------+

 

There have been no rejections within the timeframe requested. Applications
for access to data are only valid if they meet requirements as set out in
the legislation. If these requirements are not met then the request will
not valid. Invalid requests are not recorded. All requests that meet these
requirements will be responded to.

 

Please find a breakdown of requests that were responded to between Jan
1^st 2018 to 25^th August 2020. It is worth noting that prior to GDPR
being introduced in 2018, 40 days were given to respond to a request for
personal data, therefore in the table below, 2018 has been broken down to
reflect this.

 

+------------------------------------------------------------------------+
| | 2018 | 2018 | 2019 | 2020 |
| Total responded to per annum | | | | |
| | (pre-GDPR) | (post GDPR) | | |
|-------------------------------+------------+-------------+------+------|
|Within one month | | | | |
| | 170 | 476 | 686 | 540 |
|(within 40 days pre-GDPR) | | | | |
|-------------------------------+------------+-------------+------+------|
|Over one month under 2 months | 0 | 19 | 205 | 10 |
|-------------------------------+------------+-------------+------+------|
|Over 2 months under 3 months | 0 | 0 | 48 | 2 |
|-------------------------------+------------+-------------+------+------|
|Over 3 months | 0 | 0 | 133 | 1 |
+------------------------------------------------------------------------+

 

Please be aware there will be discrepancies between yearly figures due to
a request being received in December and responded to in January. There
will also be discrepancies for 2020 due to requests being received after
26^th July which were yet to be disclosed.  

 

The Data Protection Officer (DPO) for Avon and Somerset Constabulary is
Kate Britton (#6265.) The DPO does not fulfil any other duties as of the
date of your request.

The DPO holds the following qualifications;

o BCS Data Protection Certificate and update for GDPR
o BCS Practitioner Certificate Freedom of Information

The DPO also serves the Office of the Police and Crime Commissioner for
Avon and Somerset Constabulary.

 

Avon and Somerset Constabulary Data Protection Compliance team currently
consists of 1.5 Research Officers, 2.5 Disclosure Officers and the team is
managed by one Data Protection Team Manager.

 

Yours sincerely,

 

Adam Northcott

Disclosure Officer

[1]www.avonandsomerset.police.uk  | Follow us on [2]Twitter and
[3]Facebook

 

 

 

Please note:

1.     Requests and responses may be published on Avon and Somerset
Constabulary’s website (within 24 hours), some of which may contain a link
to additional information, which may provide you with further
clarification.

2.     Whilst we may verbally discuss your request with you in order to
seek clarification, all other communication should be made in writing.

3.     Avon and Somerset Constabulary provides you with the right to
request a re-examination of your case under its review procedure (copy
attached).

 

 

 

show quoted sections