Data and securityCyber SecurityLondon council spend on GDPR soars

London council spend on GDPR soars

Researchers found that Tower Hamlets council has £300,000 set aside for GDPR compliance

A new policy paper published today from the Parliament Street think tank has revealed that London councils have spent over £1.2m in preparation for the incoming General Data Protect Regulation (GDPR).

The report, GDPR in Local in Local Government, includes survey data revealing that London councils have individually spent up to £300,00 on software, training and consultancy to prepare for the new EU regulation.

Researchers at the think tank found that Tower Hamlets council had the highest budget allocated, with £300,000 set aside for GDPR compliance. The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.

In contrast, the lowest level of spending came from Hounslow, which told us they had already spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.

Another councils with a large budget is Redbridge council, which estimated a total budget of £110,689 for GDPR, with an extra £15,000 allocated for management software.

Nick Felton, Director of MHR Analytics, commented: “Data protection legislation is not new, however the way in which public authorities collect, use and share information has changed significantly over the last 20 years. GDPR is designed to add strengthen and unify existing law.

“Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations. They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including  access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.

“This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline. Data continues to be a key asset for all organisations both from a legislation and competitive perspective – data is only getting bigger!”

The full report can be viewed here.

Related Articles

Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

2w Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

2w Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

3w Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

1m Guest Writer
Making the cloud a safe space

Cloud Computing Making the cloud a safe space

1m Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

2m Austin Clark
Government security analysts 'at risk of being overwhelmed by attacks'

Cyber Security Government security analysts 'at risk of being overwhelmed by attacks'

2m Austin Clark
DCMS proposes new cyber security council in latest consultation

Cyber Security DCMS proposes new cyber security council in latest consultation

2m Austin Clark