On 20 March 2017, the Information Commissioner’s Office (ICO) published the results of its Local Government Information Governance Survey, together with recommendations to councils on their information governance practices and their preparation for the implementation of the General Data Protection Regulation (GDPR) in May 2018.
The ICO’s key findings from the councils it surveyed were that one-quarter do not yet have a data protection officer, whilst one-third do not conduct privacy impact assessments. Both will be requirements of the forthcoming GDPR. The ICO’s overall conclusion is that whilst councils can and do demonstrate good practice, many “have work to do”.
In response, the ICO published a blog on the key areas councils will need to consider in order to prepare for the GDPR. These include:
The ICO has stated that adhering to good practice measures under the Data Protection Act 1998 will stand organisations in good stead for the GDPR.
Although this survey was aimed solely at Local Government, there is a very real risk that these statistics are, in reality, indicative of a general lack of readiness for the GDPR.
The helpful points set out above apply equally to commercial entities as to local government, and we strongly recommend that our clients start thinking about the implications of the GDPR at this stage. We are in the process of helping clients get ready and, in some cases, this will take a good 6 months in terms of assessing what data you hold, how it is dealt with, ensuring policies and procedures are up to date, looking at changes that will have to be made to them and ensuring staff are trained appropriately.
If you need any help in your GDPR preparation, please contact me at our Southampton Office.