Data and securityCyber SecurityLondon council spend on GDPR soars

London council spend on GDPR soars

Researchers found that Tower Hamlets council has £300,000 set aside for GDPR compliance

A new policy paper published today from the Parliament Street think tank has revealed that London councils have spent over £1.2m in preparation for the incoming General Data Protect Regulation (GDPR).

The report, GDPR in Local in Local Government, includes survey data revealing that London councils have individually spent up to £300,00 on software, training and consultancy to prepare for the new EU regulation.

Researchers at the think tank found that Tower Hamlets council had the highest budget allocated, with £300,000 set aside for GDPR compliance. The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.

In contrast, the lowest level of spending came from Hounslow, which told us they had already spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.

Another councils with a large budget is Redbridge council, which estimated a total budget of £110,689 for GDPR, with an extra £15,000 allocated for management software.

Nick Felton, Director of MHR Analytics, commented: “Data protection legislation is not new, however the way in which public authorities collect, use and share information has changed significantly over the last 20 years. GDPR is designed to add strengthen and unify existing law.

“Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations. They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including  access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.

“This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline. Data continues to be a key asset for all organisations both from a legislation and competitive perspective – data is only getting bigger!”

The full report can be viewed here.

Related Articles

Six top security and risk management trends revealed

Cyber Security Six top security and risk management trends revealed

7d Austin Clark
DDoS Defence Demands a Hybrid Approach

Cyber Security DDoS Defence Demands a Hybrid Approach

2w Guest Writer
NHS Digital joins forces with IBM to beef up NHS cyber security

Cyber Security NHS Digital joins forces with IBM to beef up NHS cyber security

2w Austin Clark
HMRC storing voice ID data 'without consent'

Cyber Security HMRC storing voice ID data 'without consent'

3w Austin Clark
Government’s rapid cloud adoption lacks security (Infographic)

Cloud Computing Government’s rapid cloud adoption lacks security (Infographic)

1m Austin Clark
Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

Cyber Security Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

1m Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

2m Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

2m Austin Clark