Data and securityGDPRSimple and affordable steps ‘can and should be taken by local authorities towards GDPR compliance’

Simple and affordable steps ‘can and should be taken by local authorities towards GDPR compliance’

Significant fines for non-compliance mean investment towards GDPR is essential, but more can be done to ease the strain

Local authorities concerned about their abilities to fund the changes needed to support GDPR, should not be deterred and instead capitalise on simple and affordable steps, which demonstrate that reasonable measures are being taken to become compliant. This is according to Tim Waterton, Senior Director of UK Business at M-Files.

Recently, the National Association of Local Councils (NALC) brought to attention the financial strains facing local authorities in becoming compliant with GDPR. Waterton stresses that while these concerns are understandable there are also simple and affordable steps that can and should be taken to demonstrate compliance.

“The GDPR is a demanding piece of legislation that many organisations, particularly those in the public sector, are struggling to get to grips with. Indeed, the Cloud Industry Forum last year found that just 10 per cent of public sector respondents were completely confident that they understood the regulation, and only 6 per cent stated that their organisation was completely prepared for it, indicating the scale of work needed to ensure compliance.

“While the ongoing squeeze on public sector budgets won’t be helping this situation, but while some level of investment will be needed to support GDPR, this doesn’t need to be unduly expensive. It really boils down to sound data hygiene practices and there are some relatively simple and cost-effective actions that public sector organisations can take to close the compliance gap.

“Local authorities are typically responsible for a huge volume of information, with data spread across multiple systems and used in a variety of ways by many departments. By creating a centralised personal data registry or information asset registry, it allows you to understand what data exists within your systems, where it is located, who has access to it and who it is shared with.

“Once you understand what data you have in your possession, you can then see how that information links to your different systems, processes, policies and procedures. That is the starting point for the transition to GDPR compliance.

“This information asset register is a hugely valuable resource and the very act of producing it will identify gaps in your data controls that need to be closed with more process improvements and stronger staff training.”

 

Don’t panic

Waterton adds that it’s important for public sector organisations not to panic about the deadline and compliance.

“With the deadline for GDPR looming, scaremongering is sure to shift into overdrive,” he says. “In truth, few organisations will be 100 per cent ready by 25 May, but even for public sector organisations currently struggling, it’s important they can demonstrate to the ICO that reasonable steps are being taken. Understanding where your data sits and how it is managed is a great starting point.

“The question we should perhaps ask is whether using that information to close a few key gaps with process improvements is likely to be viewed positively by the ICO? My guess is that it will be; alongside enhanced staff training on information management responsibilities and ensuring that everything you do is thoroughly documented.

“Ultimately, the GDPR should be seen more as an opportunity for renewal and improvement, and less of a compliance tax.”

Related Articles

Parts of OS MasterMap to be unlocked

Data Insight Parts of OS MasterMap to be unlocked

1m Austin Clark
Seven digital government trends for 2018: A mid-year update

Data Insight Seven digital government trends for 2018: A mid-year update

1m Guest Writer
Using open data to redesign public services

Data Insight Using open data to redesign public services

1m Austin Clark
People analytics: a threat or an opportunity?

Change Management People analytics: a threat or an opportunity?

2m Guest Writer
Agenda for new algorithmic ethics agency set out by select committee

Data Insight Agenda for new algorithmic ethics agency set out by select committee

2m Austin Clark
ICO launches new data protection campaign to mark 'GDPR Day'

Data Insight ICO launches new data protection campaign to mark 'GDPR Day'

2m Austin Clark
New funding to improve care through technology welcomed

Adult Social Care New funding to improve care through technology welcomed

2m Austin Clark
All London boroughs sign up to database of rogue landlords

Data Insight All London boroughs sign up to database of rogue landlords

2m Austin Clark