Medway Council has been given six months to ensure all staff are given data protection training by the Information Commissioner's Office (ICO).
The ICO has issued the council with an enforcement notice to roll-out mandatory training, with refresher training required at least every two years. The notice also requires the council to monitor and document the training.
The ICO had previously recommended that the council implemented a mandatory data protection training programme for all staff back in 2014. However, it conducted a further investigation following two security breaches.
The enforcement notice states: ‘The data controller [council] has failed to take adequate steps to ensure mandatory data protection training has been rolled out, as advised.’
A Medway Council spokesperson said: ‘We are committed to providing high standards of data security and will implement the Information Commissioner’s recent recommendations to further improve the tailoring, monitoring and recording of the mandatory training.’