ICO statement following Scottish Government’s consensual data protection audit

The Scottish Government has committed to implementing a series of recommendations, following an audit from the Information Commissioner’s Office (ICO). This will lead to improvements in the way people’s data is handled by the Scottish Government.

In 2022, the ICO carried out a consensual data protection audit of various directorates of the Scottish Government. While the ICO observed existing good practice, there are crucial areas the Scottish Government needs to improve on.

Areas identified for improvement include:

  • Carrying out a data flow mapping exercise to fully understand how data is used across departments;
  • Identifying data protection risks when undertaking new projects;
  • Training information asset owners; and,
  • Improving measures in place to ensure people’s data is kept secure.

“We welcome the commitment from the Scottish Government to carry out the recommendations made in our audit report. Raising data protection standards encourages public trust and confidence in their services and ensures people’s data is handled appropriately. We will be working with the Scottish Government to ensure they continue to meet their data protection obligations.”

– Ken Macdonald, Head of ICO Regions

Areas of good practice identified included:

  • A positive staff culture and enthusiasm for their work within data protection or information governance
  • Well embedded training processes for staff
  • Data protection specialists are embedded within the management of major projects to ensure access to specialist knowledge

View the report of the data protection audit of the Scottish Government here.

Related posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.