The UK Home Office breached GPDR at least 100 times when dealing with applications for residency rights as part of the EU Settlement Scheme (EUSS).
According to a report from David Bolt, the Independent Chief Inspector of Borders and Immigration (ICIBI), significant and manifold breaches of the data protection regulation occurred as part of the vetting process.
Citizens of the EU, EEA and Switzerland can use the EUSS to apply for settled status that would allow them to remain in the United Kingdom after 30 June 2021. By January, the number of applications received had reached more than 2.7 million.
The ICIBI investigation found GDPR had been breached 100 times between March 30 and August 31 by the Home Office – the ministerial department responsible for managing the EUSS.
Despite staff attending mandatory GDPR training, the report said the Home Office was guilty of misplacing documents and identification, losing passports, sending emails to the wrong recipients and sharing applicant information with third parties without permission.
The incidents described are generally process-related and should therefore be relatively simple to remedy. The ICIBI report called for the government department “to do everything it can to keep breaches to a minimum” and to minimise simple errors through “clear instructions and good organisation.”
The Home Office insists it pays close attention to process and is committed to ensuring it adheres to data protection regulations.
“We regularly review all processes and procedures to mitigate against data breaches. These are reviewed regularly and amended if needed,” it said.
“We are also in discussion with the heads of security, integrity and data protection to ensure our processes are aligned to GDPR compliance.”
The department says GDPR awareness training is compulsory and sessions held at regular intervals to account for staff churn.