DfE's GDPR plan 'unsatisfactory'

'Fundamental weaknesses' found in the Department for Education's approach just three months before rules came into force

Helen Ward

GDPR teachers

The Department for Education has been criticised over its handling of the introduction of General Data Protection Regulation.

The Government Internal Audit Agency, which checks the governance of the Department for Education, rated its readiness for GDPR as “unsatisfactory”, according to the latest Department for Education consolidated annual report and accounts.

The "unsatisfactory" rating was given after nine risks were found in the DfE’s programme for GDPR after an audit in February 2018, just three months before the GDPR rules were due to come into force in May 2018.

Delivering GDPR compliance

The rating means that there were “fundamental weaknesses in the framework of governance, risk management and control such that it is inadequate and ineffective or is likely to fail”.

The report states that “high priority” was assigned to the audit findings and a dedicated team was put in place to deliver GDPR compliance.

The work has meant that eight of the nine risks have now been resolved and the remaining risk is due to be dealt with by the end of July 2018.

Register to continue reading for free

It only takes a moment and you'll get access to more news, plus courses, jobs and teaching resources tailored to you

Latest stories

coronavirus live

Coronavirus and schools: LIVE 11/8

A one-stop shop for teachers who want to know what impact the outbreak of the virus will have on their working lives
Tes Reporter 11 Aug 2020