Department for Education Broke Data Laws on Pupil Protection Finds Report
- An audit completed by the Information Commissioners Officer has found that the Department of Education has been in direct breach of data protection laws.
- The audit claims that the has no clear picture of what their data holds, and no Record of Processing Activity in place
- It has also found that the DfE failed to demonstrate accountability to GDPR, with no formal proactive oversight of any function of information governance, including data protection, records management, risk management, data sharing and information security
- The compulsory audit, was intended to provide “an assurance of the extent to which the DfE…is complying with data protection legislation”, including how it handles and allows external access to pupil and student data