MoJ to hire task force to help assess IT estate for GDPR compliance

gdpr

The Ministry of Justice (MoJ) plans to hire a task force to assess its entire IT estate for General Data Protection Regulation (GDPR) compliance.

The MoJ Digital and Technology team said that it needs a team of three analysts full-time for a period of 17 weeks with the possibility of a three-week extension.

In a notification, the MoJ said: “The new Data Protection Bill, which includes GDPR, provides greater visibility and access to people who have their data stored and used by an organisation. The new laws ensure that the data is not only protected to the best of the organisations’ capabilities but that it is only used for the initial purposes for which it had been collected.”

The MoJ has allocated £200,000 for the project, irrespective of whether it is completed in 17 weeks or 20 weeks. The £200,000 includes internal and external resource costs. Additionally, it said that the work is being done to assist ongoing assessments of the MoJ’s GDPR compliance status for IT systems.

The notification said that the MoJ intends to understand the scale of GDPR non-compliance across the organisation and to begin remediation efforts and fill the knowledge gap.

Already, the MoJ has undertaken pilot assessment of the Client Cost and Management System (CCMS) within the Legal Aid Agency; National Offender Management Information System (NOMIS) in HM Prison and Probation Service; Tariff System in the Criminal Injuries Compensation Authority (CICA); BRAVO sourcing system within the IRS; and the Libra Management Information System for magistrates courts in the HM Courts and Tribunals Service (HMCTS).

Many FTSE 500 and Fortune companies still not GDPR ready

The MoJ will evaluate up to eight suppliers based on a weighting of technical competence (50%), cultural fit (20%) and price (30%).

Start date of the project will be 2 April 2018 – eight weeks before 25 May 2018 when the GDPR comes into effect and the current MoJ team consists of a civil servant and a contractor, working with a central GDPR team. The closing date for applications is 22 February 2018.