Councils across the UK 'struggling to meet GDPR requirements'

0
Have your say

Councils are struggling to meet new data protection laws, it's been claimed.

General Data Protection Regulation (GDPR) was brought in last year to give citizens more rights around how and where their personal information is stored.

GDPR came into force in May 2018.

GDPR came into force in May 2018.

But Wakefield Council has said it is struggling to implement all the changes they need to adapt to the new rules, and that other authorities are facing similar problems.

It's believed a rise in people requesting what data councils hold about them is occupying limited numbers of staff.

As a result, change to councils' overall strategies for GDPR has been slow.

In Wakefield, there's been a 35 per cent increase in subject access requests since GDPR came in, and staff now have to look through 1,000 more documents for every request.

And the council's audit committee was told on Monday that the authority "is not as far along as we need to be".

Legal adviser Gillian Marshall said: "Each request is taking longer and there is significantly more of them.

"That's a picture that's mirrored across local government generally.

"We've had to balance responding to subject access requests on time with the strategic implementation of GDPR and that balancing act has suffered."

The Information Commissioner's Office (ICO), which regulates data protection referred to a previous blog post it had written about the issue when asked for comment.

In that piece, written exactly a year after GDPR was introduced in May, the ICO said: "With the initial hard work of preparing for and implementing the GDPR behind us, there are ongoing challenges of operationalising and normalising the new regime.

"This is true for businesses and organisations of all sizes."

Plans are in place to address the issues in Wakefield, and more temporary staff have been recruited to deal with subject access requests.

Ms Marshall added: "We should be seeing significant improvements soon. The Information Commissioner's Office (ICO) has no concerns in relation to what we're doing at the moment."

Leeds' former deputy council leader Peter Gruen said recently GDPR were being enforced without "common sense" and that local councillors were struggling to find out information about their own communities as a result.

Comparing panic around the new laws to that which surrounded the Millennium Bug IT scare of the late 1990s, Coun Gruen said: "In that event, all that happened was IT companies got very rich overnight.

"Similarly, what’s happening now is that lawyers are getting very rich through interpreting what GDPR means.

"At the moment, everyone is taking the most risk averse approach possible, and everybody clams up.

"Eventually common sense will prevail and people will realise that this is all total nonsense. It's there to protect individuals' data. It isn't meant to be about, "We can't share (any) data"."

Local Democracy Reporting Service