The EU General Data Protection Regulation (GDPR) comes into effect in the UK and across Europe on 25 May 2018. The GDPR, which represents the most significant reform of data protection laws for twenty years, will have implications for organisations across all sectors that collect and process personal data. The implications for local government are widespread.
A pressing issue for local government is consent. All UK public sector organisations will need to have consent or one of five other specific legal basis to hold and process personal data, including all legacy data. As outlined in Eduserv’s GDPR Guidance for Councils, the regulation stipulates that anyone a council holds information on must give their explicit and ‘informed’ consent for their data to be retained for a set period of time and processed. Individuals must be made aware of how their information is protected, what it’s used for, and what the risks are.
A survey from the Information Commissioner Office Good Practice department found that while there is good information governance practice, many councils still have a lot of work to do to get ready for GDPR. The survey found that a quarter of councils don’t have a data protection officer, which will be mandatory for public authorities under GDPR. Additionally 34% of councils still do not carry out Privacy Impact Assessments (PIAs) which will be a legal requirement under GDPR for councils to conduct data protection impact assessments in certain circumstances.
GDPR should not just be seen as a compliance exercise but the opportunity for councils to transform services by putting data at the heart of working. Putting in place robust information and data governance is an important condition in creating an environment for successful transformation.
This event will bring together tech industry leaders active in the local government market, with councils to understand the implications GDPR will have on their sector, what they need to do to support clients/colleagues to be ready for GDPR next year whilst also reaping the benefits it can bring for service outcomes and wider organisational transformation.
The discussion will include issues such as:
- Is local government ready for GDPR and what else needs to be done to ensure it is ready in time?
- How will councils deal with subject access requests, the right to be forgotten and the right to data portability?
- How do we put GDPR higher up on the council leadership agenda?
- How can GDPR be seen as an opportunity rather than a compliance issue?
- Will GDPR help make the case for transformation?
Speakers confirmed for this event:
- Georgina Maratheftis, Programme Manager - Local Government, techUK (Chair)
- James Mulhern, Chief Information Security Officer, Eduserv
- Chris Bally, Assistant Chief Executive, Suffolk County Council
- Gary Smith, VP Sales and Marketing, PhixFlow Ltd
More speakers will be announced shortly.
This event is open to techUK members and local government.