Councils seriously unprepared for GDPR

New research has indicated that the majority of UK councils have not allocated budget towards meeting the requirements of the General Data Protection Regulation (GDPR).

GDPR, which will be formally introduction in May 2018, was passed in May 2016 with an objective to give far greater protection to the individual in terms of their rights about how to control what happens to their data.

M-Files Corporation, an information management product company, conducted freedom of information (FOI) requests to the 32 London boroughs and 44 other local authorities, and found that 76 per cent of London councils having not yet allocated budget plans towards ensuring compliance with GDPR, while 56 per cent of the local authorities reported not having appointed a Data Protection Officer, despite this being stipulated as a requirement by GDPR.

Julian Cook, vice president of UK business at M-Files, said: “At this stage we would have expected local authorities to be further along in their preparation efforts, but the data demonstrates that this is far from the case,’ he said. ‘Inadequate preparation for GDPR will have serious financial implications if these boroughs ultimately do not comply with the new rules.

“Effective data management is often one of the most labour-intensive of these challenges, with local authorities tasked with administering and protecting ever-increasing amounts of sensitive data, such as personally identifiable information (PII). However, the rules of GDPR are non-negotiable, so there needs to be a concerted effort over the coming months to make the necessary preparations for its introduction.”

Read our latest feature on GDPR, contributed by Steve Mellings, COO of Data Protection Governance and founder of Asset Disposal and Information Security Alliance (ADISA) -