The Scottish Government has committed to implementing a series of recommendations, following an audit from the Information Commissioner’s Office (ICO). This will lead to improvements in the way people’s data is handled by the Scottish Government.
In 2022, the ICO carried out a consensual data protection audit of various directorates of the Scottish Government. While the ICO observed existing good practice, there are crucial areas the Scottish Government needs to improve on.
Areas identified for improvement include:
- Carrying out a data flow mapping exercise to fully understand how data is used across departments;
- Identifying data protection risks when undertaking new projects;
- Training information asset owners; and,
- Improving measures in place to ensure people’s data is kept secure.
"We welcome the commitment from the Scottish Government to carry out the recommendations made in our audit report. Raising data protection standards encourages public trust and confidence in their services and ensures people’s data is handled appropriately. We will be working with the Scottish Government to ensure they continue to meet their data protection obligations."
- Ken Macdonald, Head of ICO Regions
Areas of good practice identified included:
- A positive staff culture and enthusiasm for their work within data protection or information governance
- Well embedded training processes for staff
- Data protection specialists are embedded within the management of major projects to ensure access to specialist knowledge
View the report of the data protection audit of the Scottish Government here.