Back to Explorer
UK GDPRHealthcare

NHS Blood and Transplant

Security

Authority

ICO

Country

United Kingdom

Date Issued

March 2, 2023

Industry

Healthcare

Summary

NHS Blood and Transplant received a reprimand from the ICO for inadvertently deploying untested development code into a live transplant matching system in August 2019, which could have compromised patient data integrity and organ allocation processes. The organization failed to implement adequate security controls and testing procedures before code deployment.

Violation Types

SecurityData ProcessingRisk Assessment

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert