ICO finds UK’s Department for Education’s pupil data handling fails GDPR compliance

According to the Guardian, a report of the UK Information Commissioner’s Office (ICO) has shown that the UK’s Department for Education (DfE) broke the law in its mishandling of the national database containing details of every school pupil in England. After complaints from civil society groups including Liberty, the ICO found that the DfE had failed to comply with sections of the EU’s General Data Protection Regulation (GDPR). The report states that ‘there is no formal proactive oversight of any function of information governance, including data protection, records management, risk management, data sharing and information security within the DfE which along with a lack of formal documentation means the DfE cannot demonstrate accountability to the GDPR’.