The Department for Education has been criticised over its handling of the introduction of General Data Protection Regulation.
The Government Internal Audit Agency, which checks the governance of the Department for Education, rated its readiness for GDPR as “unsatisfactory”, according to the latest Department for Education consolidated annual report and accounts.
The "unsatisfactory" rating was given after nine risks were found in the DfE’s programme for GDPR after an audit in February 2018, just three months before the GDPR rules were due to come into force in May 2018.
Delivering GDPR compliance
The rating means that there were “fundamental weaknesses in the framework of governance, risk management and control such that it is inadequate and ineffective or is likely to fail”.
The report states that “high priority” was assigned to the audit findings and a dedicated team was put in place to deliver GDPR compliance.
The work has meant that eight of the nine risks have now been resolved and the remaining risk is due to be dealt with by the end of July 2018.