Local councils are being offered advice from the data protection regulator ahead of a new law coming into force next year.
The Information Commissioner’s Office (ICO) has today published the results of a survey completed by local councils at the end of last year, along with a blog highlighting guidance available to help councils achieve compliance with the new General Data Protection Regulation (GDPR).
Anulka Clarke, ICO Head of Good Practice, said: “The overarching conclusion from our analysis of the survey results was that, although there is a lot of good practice out there, with GDPR coming in May 2018, many councils have work to do to prepare for the new GDPR.
“Just this week the ICO fined Norfolk Council for a data breach involving social work files. We will issue fines where necessary but we’d much rather work with councils to help them prevent data security incidents.
“That’s why we undertook this survey, to find out where the problems are, and why the ICO will be on hand in the run up to May 2018 to help councils in their GDPR preparations.”
The ICO’s Good Practice department conducted a survey at the end of last year to find out more about information governance practices in local government. It received 173 responses.
Staggeringly, the survey discovered that a quarter of councils do not have a data protection officer, despite GDPR regulations, due to come into force in May 2018, stating that they must have one.
Other findings include:
- a third of councils are failing to complete privacy impact assessments
- more than 15% of councils do not have data protection training for staff processing personal data
- 37% of councils have no data sharing policy in place
- only 17% completeg an Information Asset Register (IAR) to show what information they hold
- 34% of councils do not carry out privacy impact assessments (PIAs)
Researchers find 16% think robots could be in place within the next one to two years
Councils are being urged to become more creative in their use of technology and more collaborative with both their citizens and other organisations
Public authorities have been reminded of the need to meet the common Public Sector Network standards
According to an independent study, 90% of organisations will be using data analytics by 2020, despite obstacles of data silos, security and lack of alignment