Data and securityCyber SecurityLondon council spend on GDPR soars

London council spend on GDPR soars

Researchers found that Tower Hamlets council has £300,000 set aside for GDPR compliance

A new policy paper published today from the Parliament Street think tank has revealed that London councils have spent over £1.2m in preparation for the incoming General Data Protect Regulation (GDPR).

The report, GDPR in Local in Local Government, includes survey data revealing that London councils have individually spent up to £300,00 on software, training and consultancy to prepare for the new EU regulation.

Researchers at the think tank found that Tower Hamlets council had the highest budget allocated, with £300,000 set aside for GDPR compliance. The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.

In contrast, the lowest level of spending came from Hounslow, which told us they had already spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.

Another councils with a large budget is Redbridge council, which estimated a total budget of £110,689 for GDPR, with an extra £15,000 allocated for management software.

Nick Felton, Director of MHR Analytics, commented: “Data protection legislation is not new, however the way in which public authorities collect, use and share information has changed significantly over the last 20 years. GDPR is designed to add strengthen and unify existing law.

“Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations. They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including  access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.

“This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline. Data continues to be a key asset for all organisations both from a legislation and competitive perspective – data is only getting bigger!”

The full report can be viewed here.

Related Articles

Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

1w Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

1m Austin Clark
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

2m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

2m Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

3m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

3m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

4m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

4m Guest Writer