Councils urged to improve data protection practices to comply with GDPR

Many councils have considerable work to do to in order to comply with the new General Data Protection Regulation (GDPR) that will come into force in May 2018, a survey conducted by the Information Commissioner’s Office (ICO) has revealed.

The ICO questioned councils at the end of last year about the effectiveness of information governance practices receiving a total of 173 responses.

While the findings found that “positive measures” were being put in place in councils to ensure data was being handled and protected correctly, the survey also highlighted that there was “work to do” in many local councils to adhere to the Data Protection Act in order to fall in line with the incoming regulations.

Strikingly, only a quarter of councils had a data protection officer in place, despite the GDPR requiring that all public authorities have one by next year. On top of this, the ICO found that more than 15% of councils did not have data protection training available for staff processing personal data.

It was also found that around a third (34%) of local authorities didn’t have privacy impact assessments (PIA), another requirement that all councils will have to meet when the GDPR makes the assessments a legal requirement next year.

To bring councils up to speed with the new regulation, the ICO set out a number of key recommendations, including adopting a “privacy by design approach” by pushing councils to produce their own PIA processes as well as guidelines for staff to make sure that privacy issues are delivered alongside the projects, and also review the processes annually.

The importance of having the right staff in place and equipping them to know how to handle data was also revealed to be crucial.

ICO called for all councils to establish an Information Asset Register to help staff know what information the authority holds, where it is, and which Information Asset Owner is responsible for it. Data also needed to be consistently monitored and benchmarked to facilitate improvement.

The survey also said that staff needed better knowledge about the regulations, stating: “It’s vital all staff keep data protection in mind – staff not knowing what they need to about data protection is behind many of the information security incidents our enforcement team sees in the local government sector.”

The breaches the ICO refer to include Nottinghamshire Borough council, who announced that it had experienced a cyber security break last year. There was also concern raised at Redbridge Council when the ICO conducted an audit into the council’s data protection processes and found that its systems for handling and complying with data regulations was “unacceptable”.

The ICO added: “In the wake of an information security incident, swift reporting, containment and recovery of the situation is vital. Every effort should be taken to minimise the potential impact on affected individuals.

“As such, it’s a good idea to have a proper incident management process. Yet our survey showed 14% of councils do not have an Information Security Incident Management Policy and 22% do not consider reports and KPIs for information security breaches.”

Have you got a story to tell? Would you like to become a PSE columnist? If so, click here 


There are no comments. Why not be the first?

Add your comment

public sector executive tv

more videos >

latest news

View all News


Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this feeling of imminent change than the article James Palmer, mayor of Cambridgeshire and Peterborough, has penned for us on p28. In it, he highlights... read more >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >


Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >

the raven's daily blog

Cleaner, greener, safer media: Increased ROI, decreased carbon

23/06/2020Cleaner, greener, safer media: Increased ROI, decreased carbon

Evolution is crucial in any business and Public Sector Executive is no different. Long before Covid-19 even became a thought in the back of our minds, the team at PS... more >
read more blog posts from 'the raven' >

public sector events

events calendar


August 2020

mon tue wed thu fri sat sun
27 28 29 30 31 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31 1 2 3 4 5 6

featured articles

View all News