Directors Report
Published 9 June 2022
Directors
The Governance Statement includes the composition of the GLD Board.
Register of interests
No directorships or other significant interests, which may have caused a conflict with their management responsibilities, were held by any Board members. Note 15 to the Accounts confirms that no members of the Board, including Non-Executive Directors, has any related party interests.
Personal data related incidents
All government departments are required to publish information about any serious personal data related incidents, which have to be reported to the Information Commissioner. There were no personal data incidents requiring notification to the Information Commissioner’s Office.
Statement on Information Risk
Assurance on information handling is provided by the Senior Information Risk Owner, Nick Price CBE, Operations Director & Senior Security Advisor, supported by the Security Team and the work of the Security Advisory Group. GLD Directors provide an annual end of year Assurance Report highlighting any risks that crystallised during the year. These assurances have been reviewed by the Audit and Risk Assurance Committee.
GLD holds personal data relating to GLD employees and keeps data owned by other government departments in relation to its role as the principal legal adviser to government. It continues to work with delivery partners and third parties to manage effectively the risk of any loss of personal data held by these other bodies.
During 2021-22, the framework for handling data and to provide assurance over the management of information held within GLD has included but not limited to:
- maintaining oversight of data handling practices in accordance with current departmental policies,
- reviewing current guidance and awareness updates, promoting best practice within GLD, including the mandatory completion by all staff of the Civil Service Learning – ‘Responsible for Information and Data Protection’ course and 2 newly revised General Data Protection Regulations (GDPR) related e-learning courses; - ongoing review of information assets and their associated risks, including assessments of the third party delivery chain, and the incorporation of information risks within the risk management policy and processes; and
- maintaining certification against the ISO 27001:3013 information security standard.
The department also adheres to Cabinet Office Minimum Security Standards relating to cyber security, personnel security, physical security and incident management. We have also maintained our Cyber Essentials Plus certification, in support of the current Lexcel standard.
Audit
GLD’s Accounts are audited by the National Audit Office (NAO) on behalf of the Comptroller and Auditor General.
The NAO also audit the Crown’s Nominee Accounts administered by the department’s Bona Vacantia Division. The auditors provide no further assurance or other advisory services.
Remuneration to auditors for non-audit work
We did not pay any remuneration to the NAO for non-audit work. The notional audit fee for the GLD audit was £72k (2020-21: £71k).