Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps he is taking to protect people's data held by government departments.

All Departments must adhere to the UK Data Protection legislation to protect personal data held by their departments. All departments are controllers of the personal data they hold and are individually responsible for demonstrating compliance with the data protection principles, and take appropriate technical and organisational measures in line with the UK GDPR. Under the same legislation, all departments are required to appoint a data protection officer (DPO), who must be an adequately resourced expert in data protection to monitor internal compliance, inform and advise on the department’s data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner’s Office.

The DPO must be independent and report to the highest management level.

To reinforce cross government data sharing for consistent application of safeguards, the Government Digital Service runs the Data Sharing Network of Experts to bring together data protection and data governance professionals. There is also a cross government Data Protection Officers Network.