Councils have work to do to prepare for new data protection law, ICO says

Local councils are being offered advice from the data protection regulator ahead of a new law coming into force next year.

The Information Commissioner’s Office (ICO) has today published the results of a survey completed by local councils at the end of last year, along with a blog highlighting guidance available to help councils achieve compliance with the new General Data Protection Regulation (GDPR).

Anulka Clarke, ICO Head of Good Practice, said: “The overarching conclusion from our analysis of the survey results was that, although there is a lot of good practice out there, with GDPR coming in May 2018, many councils have work to do to prepare for the new GDPR.

“Just this week the ICO fined Norfolk Council for a data breach involving social work files. We will issue fines where necessary but we’d much rather work with councils to help them prevent data security incidents.

“That’s why we undertook this survey, to find out where the problems are, and why the ICO will be on hand in the run up to May 2018 to help councils in their GDPR preparations.”


Survey results

The ICO’s Good Practice department conducted a survey at the end of last year to find out more about information governance practices in local government. It received 173 responses.

Staggeringly, the survey discovered that a quarter of councils do not have a data protection officer, despite GDPR regulations, due to come into force in May 2018, stating that they must have one.

Other findings include:

  • a third of councils are failing to complete privacy impact assessments
  • more than 15% of councils do not have data protection training for staff processing personal data
  • 37% of councils have no data sharing policy in place
  • only 17% completeg an Information Asset Register (IAR) to show what information they hold
  • 34% of councils do not carry out privacy impact assessments (PIAs)

You can view the full results of the survey here and read the blog in full here.

Related reading