Forming, Norming, Performing, and Transforming
How do you reflect on a year like 2022 in Data Protection? Well I will always look at it through the lens of my team who have for the last 12 months worked hard at becoming a team first and foremost. The Data Privacy and Compliance team was formed in May 2021. The objective was to set up a centralised Data Protection and Privacy function to support the department in all matters relating to Data Protection and Privacy.
In the subsequent 12 months we have worked hard to grow the team, recruiting new members and embedding our new processes and more importantly rolling out a comprehensive programme to address the findings of the review. To that end we have embedded a comprehensive audit process combined with robust scrutiny of Data Protection Impact Assessments, all whilst operating at pace we have created awareness training specifically for Cabinet Office colleagues, developed roadshows, and lunchtime learnings to help train and develop Data Protection Leads in the department, so they feel empowered and enabled to deliver advice to their parts of the organisation.
In January 2022 the Data Subject Access Requests (DSAR) work moved from the FOI Team to the Data Privacy Team. This facilitated the creation of a centralised DSAR function for the department enabling us to respond to data requests within deadlines, and have a Cabinet Office view on volumes and clearance times. To up skill DSAR leads we have held monthly workshops, provided one to one training and worked closely with the Government Legal Department and the Data Protection Officer on complex requests.
Investing in Technology for Streamlining
We have identified and invested in new technologies to help automate our processes. This is finally coming to fruition with our new Data Protection Impact Assessment, Subject Access Rights requests, Records of Processing Activity, and DP compliance assessments being automated, thereby reducing the amount of manual intervention
Awards and Recognition
A massive highlight of the year was the Teams nomination and shortlisting for a PICCASO (Privacy, InfoSec, Culture, Change, Awareness, Societal Organisation) award for the most Innovative Privacy Programme to reflect the work that we are carrying out here at the Cabinet Office. Unfortunately we were pipped at the post by the CSI-COP Team at Coventry University who are using citizen scientists to review cookies on the web, creating a taxonomy of these to allow people to understand the effect that cookies have on web browsing behaviour. So worthy winners!!
There was surprise at the awards ceremony, Our Head of Data Privacy and Compliance Glen Hymers was nominated for an award and on the evening he was humbled to be awarded Privacy Leader of the Year 2022: Public Sector.
Being nominated for these awards is a testament to the hard work and dedication of the team and colleagues, it is not however the end of the journey. The team will continue to work hard to protect the privacy of our citizens and colleagues, ensuring that our organisation keeps data protection and privacy high on the agenda. We are excited to see what the future holds for the area and we look forward to continuing to play a role in shaping it!