Data and securityCyber SecurityCouncils have work to do to prepare for new data protection law, ICO says

Councils have work to do to prepare for new data protection law, ICO says

Survey reveals councils need to do much more to protect data - with a quarter yet to appoint a data protection officer

Local councils are being offered advice from the data protection regulator ahead of a new law coming into force next year.

The Information Commissioner’s Office (ICO) has today published the results of a survey completed by local councils at the end of last year, along with a blog highlighting guidance available to help councils achieve compliance with the new General Data Protection Regulation (GDPR).

Anulka Clarke, ICO Head of Good Practice, said: “The overarching conclusion from our analysis of the survey results was that, although there is a lot of good practice out there, with GDPR coming in May 2018, many councils have work to do to prepare for the new GDPR.

“Just this week the ICO fined Norfolk Council for a data breach involving social work files. We will issue fines where necessary but we’d much rather work with councils to help them prevent data security incidents.

“That’s why we undertook this survey, to find out where the problems are, and why the ICO will be on hand in the run up to May 2018 to help councils in their GDPR preparations.”

 

Survey results

The ICO’s Good Practice department conducted a survey at the end of last year to find out more about information governance practices in local government. It received 173 responses.

Staggeringly, the survey discovered that a quarter of councils do not have a data protection officer, despite GDPR regulations, due to come into force in May 2018, stating that they must have one.

Other findings include:

  • a third of councils are failing to complete privacy impact assessments
  • more than 15% of councils do not have data protection training for staff processing personal data
  • 37% of councils have no data sharing policy in place
  • only 17% completeg an Information Asset Register (IAR) to show what information they hold
  • 34% of councils do not carry out privacy impact assessments (PIAs)

You can view the full results of the survey here and read the blog in full here.

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

2m Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

2m Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

2m Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

2m Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

2m Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

2m Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2m Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

4m Jay Ashar