Data and securityCyber SecurityLondon council spend on GDPR soars

London council spend on GDPR soars

Researchers found that Tower Hamlets council has £300,000 set aside for GDPR compliance

A new policy paper published today from the Parliament Street think tank has revealed that London councils have spent over £1.2m in preparation for the incoming General Data Protect Regulation (GDPR).

The report, GDPR in Local in Local Government, includes survey data revealing that London councils have individually spent up to £300,00 on software, training and consultancy to prepare for the new EU regulation.

Researchers at the think tank found that Tower Hamlets council had the highest budget allocated, with £300,000 set aside for GDPR compliance. The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.

In contrast, the lowest level of spending came from Hounslow, which told us they had already spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.

Another councils with a large budget is Redbridge council, which estimated a total budget of £110,689 for GDPR, with an extra £15,000 allocated for management software.

Nick Felton, Director of MHR Analytics, commented: “Data protection legislation is not new, however the way in which public authorities collect, use and share information has changed significantly over the last 20 years. GDPR is designed to add strengthen and unify existing law.

“Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations. They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including  access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.

“This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline. Data continues to be a key asset for all organisations both from a legislation and competitive perspective – data is only getting bigger!”

The full report can be viewed here.

Related Articles

Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2w Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

3w Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

3w Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

4w Austin Clark
Three-quarters of government organisations not DMARC compliant

Cyber Security Three-quarters of government organisations not DMARC compliant

1m Jay Ashar
MoD invites applications for the design phase of Cyber Risk Tooling

Cyber Security MoD invites applications for the design phase of Cyber Risk Tooling

2m Jay Ashar
How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

Cyber Security How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

2m Chris Huggett
Government announces projects to boost diversity in cyber security

Cyber Security Government announces projects to boost diversity in cyber security

3m Austin Clark