The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Between the period 25 May 2018 to 6 September 2019, the Trust used Outlook to send bulk emails to 1,781 Gender Identity Clinic service users. The Trust failed to comply with Chapter II GDPR, specifically Articles 5(1)(f), and 32(1) & (2).