The EU General Data Protection Regulation (GDPR) comes into effect in the UK and across Europe on 25 May 2018. The GDPR, which represents the most significant reform of data protection laws for twenty years, will have implications for organisations across all sectors that collect and process personal data. The implications for local government are widespread. However, GDPR should not just be seen as a compliance exercise but the opportunity for councils to transform services by putting data at the heart of working and service design. Putting in place robust information and data governance is an important condition in creating an environment for successful transformation.
As such, techUK were delighted to host a panel session with industry leaders from Suffolk County Council, Eduserv and GlobalData to explore the implications GDPR will have on the local government sector, but also how to reap the benefits it can bring for service outcomes and wider organisational transformation.
Opportunity to Transform
One of the key themes throughout all the panelists’ remarks was the opportunity GDPR can bring in creating a culture of data trust and removing the barriers to data sharing. Information and data are incredibly important to public service, in terms of both intelligence value and helping design citizen centered services. As such, GDPR means councils should now review and look into what information they hold and how they manage it and fundamentally review their policies. GDPR will also require councils to put in place proper data governance. This will help build stronger relationships with more accurate, meaningful data. Ultimately ensuring good data quality will help put insights at the heart of driving service improvement.
Trust is the biggest barrier to data sharing but councils can use GDPR as an opportunity to reinvigorate training and awareness raising across the organisation to build confidence and the culture of data trust.
GDPR Part of the Transformation Puzzle
Whilst for some GDPR may not yet be part of their organisations core business operation, it should be very soon, as well as sit alongside councils ongoing transformation journey. Data sits at the heart of creating the environment for successful transformation and GDPR is a hook that can also help make the case for it at senior management level.
Privacy by Design
GDPR is an ongoing process and organisations need to change the way they think about data. Privacy and security is everyone’s responsibility in an organisation. New requirements for Privacy by Design will require anyone involved in data processing to consider their responsibilities around data protection.
Good privacy by design means defining the privacy/security requirement upfront; embedding privacy and security into existing processes and being honest and open with users.
Leadership is Key
During the question and answers session, there were lots of comments and questions on how can we make GDPR a key priority and the resounding feedback was that it needs buy-in at the top. Ideally the CEO of the council to act as the sponsor and champion of GDPR.
Although there continues to be some ambiguity around GDPR, councils should not just see the new regulation as a compliance issue but one that can help make the case for transformation and be the lever for creating a culture of data trust and confidence. GDPR is an ongoing process, and goes beyond May 2018.
For more information on techUK’s Local Government Programme and Data Protection Group, please contact: