FOI Request GDPR Training and the ICO
I would be very grateful if you could provide the following information relating to GDPR (General Data Protection Regulation) that is due to come into force in 2018 under the Freedom of Information (Scotland) Act 2002:
1. When will a GDPR training programme be rolled out to all staff?
2. Will the training be mandatory for all staff?
3. Who will be responsible for ensuring all staff have completed effective GDPR training?
4. Which department will be responsible for ensuring all staff are compliant in GDPR when it comes into force?
5. Please provide any copies, including draft versions, of the GDPR training to be rolled out to staff
6. How will the Information Governance Unit prepare for the introduction of GDPR?
7. Will all staff who are working on a response to the Scottish Child Abuse Inquiry be fully trained in the current data protection legislation as well as GDPR?
8. How many data protection breaches, including near misses, have been reported to the ICO by Moray Council?
9. How many data protection breaches, including near misses, have not been reported to the ICO by Moray Council?
10. Who is responsible for reporting data protection breaches to the ICO?
1. A prioritised training programme will be rolled out to appropriate staff prior to 25th May, 2018.
2. No - only for those staff who handle personal and/or sensitive data.
3. Departmental managers
4. Chief Executive → Information Assurance Group / ICT – Information Security
5. This information is exempt under Section 17 of the Freedom of Information (Scotland) Act 2002- Information Not Held. This is still to be developed.
6. Small working group to be set up with representation from key services.
7. Yes, when appropriate.
8. 5 recorded as having been reported to ICO since 2012
9. 35 minor breaches have not been reported to ICO since 2012
10. Records & Heritage Manager