Local Government GDPR Readiness: Good and will get better!


The Good Practice department at the Information Commissioner’s Office (ICO) conducted a survey on information governance practices in local government. In particular it was designed to ascertain what progress councils had made in preparing for the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. The survey received 173 responses. The full results were published on 20th March 2016.

There have been a number of negative headlines (or at least “glass half empty’ style headlines) about the ICO’s conclusion:

Many UK local councils still unprepared for GDPR

Local councils are underprepared for GDPR rules

UK Councils Lagging on GDPR Compliance

The actual ICO conclusion was:

“The overarching conclusion from our analysis of the survey results was that, although there is good practice out there, with GDPR coming in May 2018, many councils have work to do. Adhering to good practice measures under the Data Protection Act (DPA) will stand organisations in good stead for the new regulations.”

So more like “trying but need to do more.” But who doesn’t? I wonder if the same survey was conducted in the private sector would things be any different? Not according to various stories appearing on the web:

Half of businesses still not ready for GDPR

Every fourth company not ready for GDPR

Over half of the businesses are not ready for GDPR compliance

According to a recent survey, many UK businesses mistakenly think that GDPR will not apply to them as a consequence of the UK moving towards Brexit. This is despite the fact that the Government has confirmed that GDPR is here to stay.

Let’s go back to the results of the ICO survey (and let’s be positive):

  • 75% of councils have appointed a Data Protection Officer. Okay 25% have not but there is still plenty of time. Remember this is a compulsory requirement for all public authorities and public bodies. However Data Controllers can share a DPO or buy in the service provided there is no conflict of interest.  (More on the role of the DPO here.)
  • 85% of councils have data protection training for employees processing personal data. Okay 15% don’t but this is easily put right. We have a range of DPA and GDPR courses to suit a variety of budgets. These can be delivered face to face, online or at your premises.
  • Most councils carry out privacy impact assessments (PIAs) but 34% still do not. GDPR makes it a legal requirement for all Data Controllers to conduct data protection impact assessments in certain circumstances. The ICO’s Privacy Impact Assessment Code of Practice provides more advice and will be reissued for GDPR in due course. See also our PIA webinar. 
  • 93% of councils have a data protection and information security policy in place. This is good to see with the additional importance placed on security in GDPR especially breach notification.
  • 90% of councils have created a role of  Senior Information Risk Owner (SIRO) to help manage information risk.

So local government is not in such a bad state, when it comes to GDPR preparations, as some are saying. The messages to local government colleagues should be, “Full steam ahead but don’t panic!”

Who knows the name and place of the above building? Tweet your answers to @actnowtraining

We have a range of GDPR resources to help you including our GDPR Practitioner Certificate, GDPR posters and GDPR legislation booklet. We have also just launched our GDPR health check service.

About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 16 years. We have an extensive GDPR and FOI course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises.
This entry was posted in Data Protection, GDPR, Privacy. Bookmark the permalink.

1 Response to Local Government GDPR Readiness: Good and will get better!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s