100 GDPR Breaches Admitted By Home Office

The Independent Chief Inspectorate of Borders and Immigration (ICIBI) has released a report revealing that the Home Office breached GDPR 100 times in five months.

Between 30th March – 31st August 2019, the Home Office admitted to a multitude of errors when it handled EU Citizens’ data with regards to the EU Settlement Scheme (EUSS).

Seemingly, human error is the reason behind the breaches. In July, a postal company misplaced 23 documents.

Whilst in April, 240 email addresses were exposed after a Home Office employee forgot to add them to the BCC file when sending a bulk email.

At the EUSS office, 10 documents were misplaced, then found and sent to the wrong recipient.

The ICIBI report concluded:

“The information provided to inspectors regarding data breaches each month between April and July 2019 (with a slight dip in August 2019), albeit most of those to the end of June were due to a postal company rather than the EUSS staff or processes.

“Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum.”

The Home Office claims it is improving its data protection processes which according to the ICIBI are easily fixable and can prevent future breaches.

In its reply to the ICIBI, the Home Office said:

“We are in discussion with the heads of security, integrity and data protection to ensure processes are aligned to GDPR compliance.

“Bulk email processes have changed so there will be no errors going forward.”