Comment

21.04.17

A modern law for an increasingly digital world

Source: PSE Apr/May 17

From May 2018, a new piece of data protection legislation, the General Data Protection Regulation (GDPR), will apply in the UK. Ian Inman, group manager for public services at the Information Commissioner’s Office (ICO), outlines changes needed in the public sector and how the regulator can help.

Social service care records, contact details of housing tenants and CCTV images from a council leisure centre all contain personal details. And all organisations in the public sector are required by law to look after that personal information.

Failure to do so can cause a whole range of negative outcomes, distress for both the person whose personal data has been disclosed and the staff member who disclosed it, reputational damage for the authority concerned and a possible fine from the ICO. 

The ICO is the independent UK regulator enforcing the laws that govern privacy. Whilst we’re not afraid to use our enforcement powers when we feel it’s needed, our main aim is to help organisations get it right when it comes to using personal data – and that includes preparing for new legislation coming into force next year. 

A modern law for a digital world 

In May 2018, there will be new data protection legislation, which will apply both here in the UK and across the EU. The GDPR builds on the previous data protection legislation, but provides more protections for consumers, and more privacy considerations for organisations. It brings a more 21st century approach to the processing of personal data – a modern law for an increasingly digital world. 

Arguably the biggest change under GDPR is around accountability. The new legislation creates an obligation for organisations to understand the risks that they create for others, and to mitigate those risks. This means working on a framework that builds a culture of data protection that pervades an entire local authority or government department. 

All organisations – be they public sector, small businesses or multimillion-pound companies – need to get ready for GDPR. When it comes to public services, though, a recent ICO survey aimed at local authorities highlighted that, whilst there is good practice out there, many councils have work to do to prepare for the new legislation. 

The GDPR mandates organisations to put in place comprehensive but proportionate governance measures. That means adopting practices such as a privacy-by-design approach to projects. 

Important findings 

One of the important findings from our survey results was that although most councils carry out privacy impact assessments (PIAs), 34% do not. That will need to change. GDPR makes it a legal requirement for local authorities to conduct PIAs in certain circumstances. 

Councils will benefit from producing their own PIA process and accompanying guidance to ensure privacy issues are considered as part of projects. 

A quarter of councils also told us they don’t have a data protection officer. Under GDPR the role of data protection officer is required in all public authorities. 

ICO 12-step plan 

The ICO is committed to helping organisations across the public sector adapt to meet the requirements of GDPR, such as PIAs and data protection officers. 

A good place to start is the ICO’s 12-step plan to help organisations prepare for the GDPR. Available through our website, it sets out advice on making sure key decision-makers know the law around personal information is changing, documenting the information the business holds and reviewing privacy notices.

If you already have some knowledge of GDPR and our 12 steps, I encourage you to read our ‘Overview of the GDPR’ document, which highlights the key themes of the new legislation, pointing to the similarities with the Data Protection Act, and explaining some of the new and different requirements. 

We are developing the overview as a living document, adding content on different points as more guidance is produced by us and our equivalent regulators in Europe. It’s worth adding the page to your favourites so that you can check regularly for updates, which will be clearly flagged in the ‘what’s new’ section. Where we are working on guidance, or when we are planning events or consultations on a particular issue during the year, we will flag these in the overview too. 

Other guidance on the ICO website well worth a read for those in the public sector includes our Privacy Impact Assessment Code of Practice, which will be reissued for GDPR in due course. And our website also includes a blog looking in more detail at the results from the local government survey discussed earlier in this piece. 

983 computer security

The culture change challenge 

Of course, changing the culture of an organisation isn’t an easy thing to do, but the ICO will be there to help along the way. 

Staff training will be at the heart of that change. Our survey found 18% of councils do not have mandatory data protection training for employees processing personal data. Staff not knowing what they need to about data protection is behind many of the security incidents our enforcement team sees in the local government sector. All the guidance on our website can be used for training, including our dedicated training resource area.

 It is vital staff keep data protection in mind and that will be the case more than ever when GDPR comes into force. Don’t forget to train temporary staff and provide regular refresher training.

Public sector staff may ask, or be asked – as we often are — what happens when the UK leaves the EU. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of GDPR. 

It is possible that in the years after the UK leaves the EU, Parliament will debate amending the requirements of the GDPR. If that happens, we will be at the centre of any conversations around this, and will be banging our drum for continued protection and rights for consumers and clear laws for organisations. We’ll still need strong data protection laws for that so we don’t see the rules being loosened. 

Preparing for GDPR must not be put off. It’s happening and that means changes to how the public sector does things. 

And finally, a quick plug for our e-newsletter. It will give you regular updates on the guidance we’re publishing, the webinars we’re hosting and the work we’re doing, as well as serving as a monthly reminder of the need to prepare for GDPR.

For more information

W: www.ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr

Comments

There are no comments. Why not be the first?

Add your comment

related

public sector executive tv

more videos >

latest public sector news

Leeds’ Clean Air Zone Plans Suspended for the foreseeable future

19/08/2020Leeds’ Clean Air Zone Plans Suspended for the foreseeable future

Leeds City Council have today (August 19) announced that their plans for a Clean Air Zone within the city may not have to go ahead due to lower e... more >
Colleges set to receive £200m in Funding

19/08/2020Colleges set to receive £200m in Funding

Over 180 colleges are set to receive a share of £200m, in order to repair and refurbish buildings and campuses. The funding makes up p... more >
UK climate change projects to receive £14m funding

18/08/2020UK climate change projects to receive £14m funding

The National Lottery Community Fund has announced the first 14 grants from the Climate Action Fund going to communities across the UK to tackle c... more >

the raven's daily blog

Cleaner, greener, safer media: Increased ROI, decreased carbon

23/06/2020Cleaner, greener, safer media: Increased ROI, decreased carbon

Evolution is crucial in any business and Public Sector Executive is no different. Long before Covid-19 even became a thought in the back of our minds, the team at PSE were looking at innovative ways to deliver its content to our audience in a more dynamic and responsive manner. We’re conscious to take the time to both prot... more >
read more blog posts from 'the raven' >

interviews

Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need to invest in technology to help make better use of their resources. Bu... more >
Digital innovation in the public sector: The future is now

17/12/2018Digital innovation in the public sector: The future is now

One of the public sector’s key technology partners has recently welcomed a new member to its team. Matt Spencer, O2’s head of public ... more >
New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

05/11/2018New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

The new chief executive of one of the new unitary authorities in Dorset has outlined his approach to culture and work with employees, arguing tha... more >
Keeping the momentum of the Northern Powerhouse

15/10/2018Keeping the momentum of the Northern Powerhouse

On 6 September, the biggest decision-makers of the north joined forces to celebrate and debate how to drive innovation and improvement through th... more >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been th... more > more last word articles >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

public sector focus

LGA: ‘Air pollution is a major public health issue’

17/08/2020LGA: ‘Air pollution is a major public health issue’

The Local Government Association (LGA) has ca... more >
Automating back-office processes for local authorities

29/07/2020Automating back-office processes for local authorities

Words provided by Cantium Business Solutions,... more >