‘Work to do’ to protect citizen data – but what exactly needs to be done?

Research recently published by the Information Commissioner’s Office (ICO) found that, despite many local authorities having some key documentation and roles in place, “many councils have work to do” to be ready for the EU’s General Data Protection Regulation (GDPR) by the May 2018 deadline.

What that work entails is the big question for most local authorities – and the subject of a new blog by Agilisys.

The post looks at why GDPR is an opportunity for local government and discusses why it’s much more than a tick box exercise to be handed down to the Information Governance team.

“This is not an initiative to be addressed from an ivory information governance tower,” the post says. “It is a detailed, on the ground activity. It is an asset and data flow gathering and change exercise that requires skilled resources, executive involvement and an unswerving cultural focus in every part of an organisation that deals with customer data, no matter how small.”

The post continues by saying: “The imperative is for local government staff charged with the duty of protecting citizen data – and these days that includes just about everyone – to establish a programme of work that is aligned to the organisation’s risk profile, prepares the organisation for forthcoming legislation and one that demonstrates value to its citizens.

“But first, local councils should take an honest look at whether they are prepared for the GDPR workload and seek help now if the skills, bandwidth or appetite are found to be wanting.”

The full post – which also considers the approach councils need to take to ensure effective implementation of necessary changes – can be found here.

Related reading