UK GDPRHealthcare

Staines Health Group

Data Subject Rights

Authority

ICO

Country

United Kingdom

Date Issued

December 15, 2025

Industry

Healthcare

Summary

Staines Health Group issued a reprimand for sending 23 years of medical records directly to an insurance company instead of the requested 5 years to the patient first for review, resulting in excessive and unnecessary disclosure of sensitive health data without proper data subject oversight.

Violation Types

Data Subject RightsData CollectionHealth Data

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert